Bug 2442025 (CVE-2025-67733)
| Summary: | CVE-2025-67733 Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts. Successful exploitation could lead to corrupting or returning tampered data to other users on the same connection, impacting data integrity and availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2442219, 2442220 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-02-23 21:03:28 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:3443 https://access.redhat.com/errata/RHSA-2026:3443 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:3507 https://access.redhat.com/errata/RHSA-2026:3507 |