Vulnerability-Lookup

BDU:2025-08113

Vulnerability from fstec - Published: 06.07.2025

Title

Уязвимость сервера системы управления базами данных (СУБД) Redis, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость сервера системы управления базами данных (СУБД) Redis связана с целочисленным переполнением в буфере при выполнении команд, использующих алгоритм HyperLogLog. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код путем отправки специально сформированной HLL-команды

Severity ?


                    
                      AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., Novell Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», Redis Labs, АО «НТЦ ИТ РОСА», Fedora Project

Software Name

Red Hat Enterprise Linux, SUSE Linux Enterprise Module for Server Applications, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), SUSE Linux Enterprise High Performance Computing, Suse Linux Enterprise Server, SUSE Manager Retail Branch Server, SUSE Manager Proxy, SUSE Manager Server, Redis, РОСА ХРОМ (запись в едином реестре российских программ №1607), SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, Fedora, Redis Server, Fedora EPEL

Software Version

8 (Red Hat Enterprise Linux), 15 SP3 (SUSE Linux Enterprise Module for Server Applications), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 15 SP4 (Suse Linux Enterprise Server), 9 (Red Hat Enterprise Linux), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Server Applications), - (Redis), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 12.4 (РОСА ХРОМ), 15 SP5 (SUSE Linux Enterprise Module for Server Applications), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15.6 (OpenSUSE Leap), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 15 SP6 (SUSE Linux Enterprise Module for Server Applications), 15 SP5-LTSS (Suse Linux Enterprise Server), 15 SP5-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP5-ESPOS (SUSE Linux Enterprise High Performance Computing), 42 (Fedora), 15 SP7 (SUSE Linux Enterprise High Performance Computing), 15 SP7 (Suse Linux Enterprise Server), 15 SP7 (SUSE Linux Enterprise Server for SAP Applications), 10 (Red Hat Enterprise Linux), 15 SP7 (SUSE Linux Enterprise Module for Server Applications), 8.8 Telecommunications Update Service (Red Hat Enterprise Linux), 8.8 Update Services for SAP Solutions (Red Hat Enterprise Linux), до 2.8 включительно (Redis Server), LTS 4.3 (SUSE Manager Proxy), LTS 4.3 (SUSE Manager Retail Branch Server), LTS 4.3 (SUSE Manager Server), 13 (Debian GNU/Linux), 16.0 (SUSE Linux Enterprise Server for SAP Applications), 8.4 Extended Update Support Long-Life Add-On (Red Hat Enterprise Linux), epel10 (Fedora EPEL)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Компенсирующие меры: - ограничение возможности выполнения HLL-команд; - использование систем обнаружения и предотвращения вторжений для обнаружения (выявления, регистрации) и реагирования на попытки эксплуатации уязвимостей - минимизация пользовательских привилегий; - отключение/удаление неиспользуемых учётных записей пользователей. Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2025-32023 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2025-32023 Для Fedora: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-8cce4f2f71 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-79c2e0f87a https://bodhi.fedoraproject.org/updates/FEDORA-2025-8e2eddc063 https://bodhi.fedoraproject.org/updates/FEDORA-2025-34895333b5 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2025-32023.html Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2025-3029

Reference

https://github.com/valkey-io/valkey/tags https://www.opennet.ru/opennews/art.shtml?num=63537 https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43 https://github.com/redis/redis https://t.me/c/1627154862/199238 https://security-tracker.debian.org/tracker/CVE-2025-32023 https://access.redhat.com/security/cve/cve-2025-32023 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-8cce4f2f71 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-79c2e0f87a https://bodhi.fedoraproject.org/updates/FEDORA-2025-8e2eddc063 https://bodhi.fedoraproject.org/updates/FEDORA-2025-34895333b5 https://www.suse.com/security/cve/CVE-2025-32023.html http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://abf.rosa.ru/advisories/ROSA-SA-2025-3029

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Redis Labs, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Fedora Project",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 15 SP3 (SUSE Linux Enterprise Module for Server Applications), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 15 SP4 (Suse Linux Enterprise Server), 9 (Red Hat Enterprise Linux), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Server Applications), - (Redis), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), 15 SP5 (SUSE Linux Enterprise Module for Server Applications), 8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15.6 (OpenSUSE Leap), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), 15 SP6 (SUSE Linux Enterprise Module for Server Applications), 15 SP5-LTSS (Suse Linux Enterprise Server), 15 SP5-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP5-ESPOS (SUSE Linux Enterprise High Performance Computing), 42 (Fedora), 15 SP7 (SUSE Linux Enterprise High Performance Computing), 15 SP7 (Suse Linux Enterprise Server), 15 SP7 (SUSE Linux Enterprise Server for SAP Applications), 10 (Red Hat Enterprise Linux), 15 SP7 (SUSE Linux Enterprise Module for Server Applications), 8.8 Telecommunications Update Service (Red Hat Enterprise Linux), 8.8 Update Services for SAP Solutions (Red Hat Enterprise Linux), \u0434\u043e 2.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Redis Server), LTS 4.3 (SUSE Manager Proxy), LTS 4.3 (SUSE Manager Retail Branch Server), LTS 4.3 (SUSE Manager Server), 13 (Debian GNU/Linux), 16.0 (SUSE Linux Enterprise Server for SAP Applications), 8.4 Extended Update Support Long-Life Add-On (Red Hat Enterprise Linux), epel10 (Fedora EPEL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f HLL-\u043a\u043e\u043c\u0430\u043d\u0434;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f, \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438) \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-32023\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2025-32023\n\n\u0414\u043b\u044f Fedora:\nhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-8cce4f2f71\nhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-79c2e0f87a\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2025-8e2eddc063\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2025-34895333b5\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2025-32023.html\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c:\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-3029",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.07.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.07.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08113",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-32023",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, SUSE Linux Enterprise Module for Server Applications, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), SUSE Linux Enterprise High Performance Computing, Suse Linux Enterprise Server, SUSE Manager Retail Branch Server, SUSE Manager Proxy, SUSE Manager Server, Redis, \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, Fedora, Redis Server, Fedora EPEL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP4 , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP5 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), Red Hat Inc. Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support , Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , Novell Inc. OpenSUSE Leap 15.6 , Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support , Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS , Fedora Project Fedora 42 , Novell Inc. Suse Linux Enterprise Server 15 SP7 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP7 , Red Hat Inc. Red Hat Enterprise Linux 10 , Red Hat Inc. Red Hat Enterprise Linux 8.8 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 13 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 16.0 , Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (\u0421\u0423\u0411\u0414) Redis, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (\u0421\u0423\u0411\u0414) Redis \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0432 \u0431\u0443\u0444\u0435\u0440\u0435 \u043f\u0440\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c HyperLogLog. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 HLL-\u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/valkey-io/valkey/tags\nhttps://www.opennet.ru/opennews/art.shtml?num=63537\nhttps://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43\nhttps://github.com/redis/redis\nhttps://t.me/c/1627154862/199238\nhttps://security-tracker.debian.org/tracker/CVE-2025-32023\nhttps://access.redhat.com/security/cve/cve-2025-32023\nhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-8cce4f2f71\nhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-79c2e0f87a\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2025-8e2eddc063\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2025-34895333b5\nhttps://www.suse.com/security/cve/CVE-2025-32023.html\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-3029",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7)"
}

CVE-2025-32023 (GCVE-0-2025-32023)

Vulnerability from cvelistv5 – Published: 2025-07-07 15:22 – Updated: 2026-02-04 19:26

Title

Redis allows out of bounds writes in hyperloglog commands leading to RCE

Summary

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-680 - Integer Overflow to Buffer Overflow

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	redis	redis	Affected: >= 8.0.0, < 8.0.3 Affected: >= 7.4-rc1, < 7.4.5 Affected: >= 7.0.0, < 7.2.10 Affected: >= 2.8.0, < 6.2.19

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-08113

CVE-2025-32023 (GCVE-0-2025-32023)

Tags

Sightings

Nomenclature