oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset

From: Hulk Lin <hulk () apache org>
Date: Tue, 22 Apr 2025 05:36:49 +0000
Severity: moderate

Affected versions:

- Apache Kvrocks through 2.11.1

Description:

Improper Input Validation vulnerability in Apache Kvrocks.

The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index
of a string. So it will cause the server to crash due to its index is  out of range.
This issue affects Apache Kvrocks: through 2.11.1.

Users are recommended to upgrade to version 2.12.0, which fixes the issue.

Credit:

朱少扬 (reporter)

References:

https://kvrocks.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-26413
Previous By Date Next
Previous By Thread Next

Current thread: