BIT-keydb-2026-25243

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/keydb/BIT-keydb-2026-25243.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-keydb-2026-25243

Aliases

Published

2026-05-07T11:43:05.710Z

Modified

2026-05-07T12:26:25.304685978Z

Summary

redis-server RESTORE invalid memory access may allow remote code execution

Details

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / keydb

Package

Name: keydb
Purl: pkg:bitnami/keydb

Severity

7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.22

Introduced

7.0.0

Fixed

7.2.14

Introduced

7.3.0

Fixed

7.4.9

Introduced

8.0.0

Fixed

8.2.6

Introduced

8.3.0

Fixed

8.4.3

Introduced

8.5.0

Fixed

8.6.3

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/keydb/BIT-keydb-2026-25243.json"