OESA-2025-1850
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1850
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-1850.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2025-1850
- Upstream
- Published
- 2025-07-18T14:49:20Z
- Modified
- 2025-08-12T05:50:26.327718Z
- Summary
- redis security update
- Details
-
Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets.
Security Fix(es):
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.(CVE-2025-32023)
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.(CVE-2025-48367)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS-SP2 / redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.10-1.oe2403sp2
Ecosystem specific
{
"aarch64": [
"redis-7.2.10-1.oe2403sp2.aarch64.rpm",
"redis-debuginfo-7.2.10-1.oe2403sp2.aarch64.rpm",
"redis-debugsource-7.2.10-1.oe2403sp2.aarch64.rpm"
],
"x86_64": [
"redis-7.2.10-1.oe2403sp2.x86_64.rpm",
"redis-debuginfo-7.2.10-1.oe2403sp2.x86_64.rpm",
"redis-debugsource-7.2.10-1.oe2403sp2.x86_64.rpm"
],
"src": [
"redis-7.2.10-1.oe2403sp2.src.rpm"
]
}
openEuler:20.03-LTS-SP4 / redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.10-1.oe2003sp4
Ecosystem specific
{
"aarch64": [
"redis-7.2.10-1.oe2003sp4.aarch64.rpm",
"redis-debuginfo-7.2.10-1.oe2003sp4.aarch64.rpm",
"redis-debugsource-7.2.10-1.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"redis-7.2.10-1.oe2003sp4.x86_64.rpm",
"redis-debuginfo-7.2.10-1.oe2003sp4.x86_64.rpm",
"redis-debugsource-7.2.10-1.oe2003sp4.x86_64.rpm"
],
"src": [
"redis-7.2.10-1.oe2003sp4.src.rpm"
]
}
openEuler:22.03-LTS-SP3 / redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.10-1.oe2203sp3
Ecosystem specific
{
"aarch64": [
"redis-7.2.10-1.oe2203sp3.aarch64.rpm",
"redis-debuginfo-7.2.10-1.oe2203sp3.aarch64.rpm",
"redis-debugsource-7.2.10-1.oe2203sp3.aarch64.rpm"
],
"x86_64": [
"redis-7.2.10-1.oe2203sp3.x86_64.rpm",
"redis-debuginfo-7.2.10-1.oe2203sp3.x86_64.rpm",
"redis-debugsource-7.2.10-1.oe2203sp3.x86_64.rpm"
],
"src": [
"redis-7.2.10-1.oe2203sp3.src.rpm"
]
}
openEuler:22.03-LTS-SP4 / redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.10-1.oe2203sp4
Ecosystem specific
{
"aarch64": [
"redis-7.2.10-1.oe2203sp4.aarch64.rpm",
"redis-debuginfo-7.2.10-1.oe2203sp4.aarch64.rpm",
"redis-debugsource-7.2.10-1.oe2203sp4.aarch64.rpm"
],
"x86_64": [
"redis-7.2.10-1.oe2203sp4.x86_64.rpm",
"redis-debuginfo-7.2.10-1.oe2203sp4.x86_64.rpm",
"redis-debugsource-7.2.10-1.oe2203sp4.x86_64.rpm"
],
"src": [
"redis-7.2.10-1.oe2203sp4.src.rpm"
]
}
openEuler:24.03-LTS / redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.10-1.oe2403sp1
Ecosystem specific
{
"aarch64": [
"redis-7.2.10-1.oe2403sp2.aarch64.rpm",
"redis-debuginfo-7.2.10-1.oe2403sp2.aarch64.rpm",
"redis-debugsource-7.2.10-1.oe2403sp2.aarch64.rpm",
"redis-7.2.10-1.oe2403.aarch64.rpm",
"redis-debuginfo-7.2.10-1.oe2403.aarch64.rpm",
"redis-debugsource-7.2.10-1.oe2403.aarch64.rpm",
"redis-7.2.10-1.oe2403sp1.aarch64.rpm",
"redis-debuginfo-7.2.10-1.oe2403sp1.aarch64.rpm",
"redis-debugsource-7.2.10-1.oe2403sp1.aarch64.rpm"
],
"x86_64": [
"redis-7.2.10-1.oe2403sp2.x86_64.rpm",
"redis-debuginfo-7.2.10-1.oe2403sp2.x86_64.rpm",
"redis-debugsource-7.2.10-1.oe2403sp2.x86_64.rpm",
"redis-7.2.10-1.oe2403.x86_64.rpm",
"redis-debuginfo-7.2.10-1.oe2403.x86_64.rpm",
"redis-debugsource-7.2.10-1.oe2403.x86_64.rpm",
"redis-7.2.10-1.oe2403sp1.x86_64.rpm",
"redis-debuginfo-7.2.10-1.oe2403sp1.x86_64.rpm",
"redis-debugsource-7.2.10-1.oe2403sp1.x86_64.rpm"
],
"src": [
"redis-7.2.10-1.oe2403sp2.src.rpm",
"redis-7.2.10-1.oe2403.src.rpm",
"redis-7.2.10-1.oe2403sp1.src.rpm"
]
}
openEuler:24.03-LTS-SP1 / redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.10-1.oe2403sp1
Ecosystem specific
{
"aarch64": [
"redis-7.2.10-1.oe2403sp1.aarch64.rpm",
"redis-debuginfo-7.2.10-1.oe2403sp1.aarch64.rpm",
"redis-debugsource-7.2.10-1.oe2403sp1.aarch64.rpm"
],
"x86_64": [
"redis-7.2.10-1.oe2403sp1.x86_64.rpm",
"redis-debuginfo-7.2.10-1.oe2403sp1.x86_64.rpm",
"redis-debugsource-7.2.10-1.oe2403sp1.x86_64.rpm"
],
"src": [
"redis-7.2.10-1.oe2403sp1.src.rpm"
]
}