CVE-2025-49112

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783
https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886
https://github.com/valkey-io/valkey/pull/2101

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) setDeferredReply en networking.c en Valkey hasta 8.1.1 tiene un desbordamiento de entero para prev->size - prev->used.

02 Jun 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-02 05:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-49112

Mitre link : CVE-2025-49112

CVE.ORG link : CVE-2025-49112

JSON object : View

Products Affected

No product.

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

3.1 /10