Source: valkey
Version: 8.1.1+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2 -3
Control: reassign -2 src:redis 5:8.0.0-2
Control: retitle -2 redis: CVE-2025-49112
Control: reassign -3 src:redict 7.3.2+ds-1
Control: retitle -3 redict: CVE-2025-49112
Control: forwarded -1 https://github.com/valkey-io/valkey/pull/2101

Hi,

The following vulnerability was published for valkey (and same code in
redict, redis seems present, cloning the bug for further evaluation in
the respective sources).

CVE-2025-49112[0]:
| setDeferredReply in networking.c in Valkey through 8.1.1 has an
| integer underflow for prev->size - prev->used.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-49112
    https://www.cve.org/CVERecord?id=CVE-2025-49112
[1] https://github.com/valkey-io/valkey/pull/2101
[2] https://github.com/valkey-io/valkey/commit/374718b2a365ca69f715d542709b7d71540b1387

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
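The class of bug named in the CVE description, as an added example that is not part of the original report and is not Valkey's code: an unsigned `size - used` wraps to a huge value when `used > size`, so the invariant has to be checked before subtracting. The struct `reply_block` and the helpers `avail_unchecked`, `avail_checked` and `append_checked` are hypothetical, and the `size_t` field types are an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply block (assumption: unsigned size_t fields). */
struct reply_block {
    size_t size;   /* capacity of buf in bytes */
    size_t used;   /* bytes already written */
    char buf[16];
};

/* Unchecked form: wraps to a value near SIZE_MAX when used > size. */
static size_t avail_unchecked(const struct reply_block *b) {
    return b->size - b->used;
}

/* Checked form: returns 0 and stores the free space in *out, or returns -1
 * when the block is inconsistent (used > size, or size beyond the buffer). */
static int avail_checked(const struct reply_block *b, size_t *out) {
    if (b->size > sizeof(b->buf) || b->used > b->size)
        return -1;
    *out = b->size - b->used;
    return 0;
}

/* Append up to len bytes; returns bytes copied, or -1 for an inconsistent block. */
static long append_checked(struct reply_block *b, const char *src, size_t len) {
    size_t avail;
    if (avail_checked(b, &avail) != 0)
        return -1;
    if (len > avail)
        len = avail;           /* clamp to what actually fits */
    memcpy(b->buf + b->used, src, len);
    b->used += len;
    return (long)len;
}

int main(void) {
    struct reply_block ok = { .size = 16, .used = 10 };
    struct reply_block bad = { .size = 16, .used = 20 };  /* constructed inconsistent state */
    printf("unchecked ok:  %zu\n", avail_unchecked(&ok));
    printf("unchecked bad: %zu\n", avail_unchecked(&bad)); /* wrapped value */
    printf("append ok:  %ld\n", append_checked(&ok, "0123456789", 10));
    printf("append bad: %ld\n", append_checked(&bad, "x", 1));
    return 0;
}
```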

