CVE-2025-46686

Published July 23rd, 2025

View on NVD ↗

CVSS v3

3.5

LOW

CVSS v2

N/A

Affected

PROJECTS

Description

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.

redis/redis

For developers, who are building real-time data-driven applications, Redis is the preferred, fastest, and most feature-rich cache, data structure server, and document and vector query engine.

GitHub

75.1K

io-no/CVE-Reports

Repo containing reports and PoCs for a selection of vulnerabilities I have discovered and that have been assigned a CVE identifier.

GitHub