DEBIAN-CVE-2025-67733

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-67733

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67733.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-67733

Upstream

CVE-2025-67733

Published

2026-02-23T20:28:53.280Z

Modified

2026-02-26T11:15:48.034839Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue.

References

https://security-tracker.debian.org/tracker/CVE-2025-67733

Affected packages

Debian:11

redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:6.*

5:6.0.15-1

5:6.0.16-1~bpo10+1

5:6.0.16-1~bpo11+1

5:6.0.16-1

5:6.0.16-1+deb11u1

5:6.0.16-1+deb11u2

5:6.0.16-1+deb11u3

5:6.0.16-1+deb11u4

5:6.0.16-1+deb11u5

5:6.0.16-1+deb11u6

5:6.0.16-1+deb11u7

5:6.0.16-1+deb11u8

5:6.0.16-2~bpo11+1

5:6.0.16-2

5:6.0.16-3

5:6.0.16-4~bpo11+1

5:6.0.16-4

5:6.2~rc1-1

5:6.2~rc1-2

5:6.2~rc1-3

5:6.2~rc2-1

5:6.2~rc2-2

5:6.2~rc3-1

5:6.2.0-1

5:6.2.1-1

5:6.2.2-1

5:6.2.3-1

5:6.2.4-1

5:6.2.5-1

5:6.2.5-2

5:6.2.5-3

5:6.2.5-4

5:6.2.6-1

5:7.*

5:7.0~rc1-1

5:7.0~rc2-1

5:7.0~rc2-2

5:7.0~rc3-1

5:7.0.0-1

5:7.0.1-1

5:7.0.1-2

5:7.0.1-3

5:7.0.1-4

5:7.0.2-1

5:7.0.2-2

5:7.0.3-1

5:7.0.4-1~bpo11+1

5:7.0.4-1

5:7.0.5-1~bpo11+1

5:7.0.5-1

5:7.0.7-1~bpo11+1

5:7.0.7-1

5:7.0.8-1

5:7.0.8-2

5:7.0.8-3

5:7.0.8-4

5:7.0.9-1

5:7.0.10-1~bpo11+1

5:7.0.10-1

5:7.0.11-1

5:7.0.12-1

5:7.0.12-2

5:7.0.13-1

5:7.0.13-2

5:7.0.14-1

5:7.0.14-2

5:7.0.15-1~deb12u1

5:7.0.15-1~deb12u2

5:7.0.15-1~deb12u3

5:7.0.15-1~deb12u4

5:7.0.15-1~deb12u5

5:7.0.15-1~deb12u6

5:7.0.15-1

5:7.0.15-2

5:7.0.15-3

5:7.0.15-3.1

5:7.2~rc1-1

5:7.2-rc2-1

5:7.2-rc3-1

5:7.2.0-1

5:7.2.0-2

5:7.2.1-1

5:7.2.1-2

5:7.2.2-1

5:7.2.2-2

5:7.2.3-1

5:7.2.4-1

5:7.2.5-1

5:7.2.5-2

5:7.2.5-3

5:8.*

5:8.0.0-1

5:8.0.0-2

5:8.0.2-2

5:8.0.2-3

5:8.0.4-1

5:8.0.5-1

5:8.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67733.json"

Debian:12

redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:7.*

5:7.0.11-1

5:7.0.11-1+deb12u1

5:7.0.12-1

5:7.0.12-2

5:7.0.13-1

5:7.0.13-2

5:7.0.14-1

5:7.0.14-2

5:7.0.15-1~deb12u1

5:7.0.15-1~deb12u2

5:7.0.15-1~deb12u3

5:7.0.15-1~deb12u4

5:7.0.15-1~deb12u5

5:7.0.15-1~deb12u6

5:7.0.15-1

5:7.0.15-2

5:7.0.15-3

5:7.0.15-3.1

5:7.2~rc1-1

5:7.2-rc2-1

5:7.2-rc3-1

5:7.2.0-1

5:7.2.0-2

5:7.2.1-1

5:7.2.1-2

5:7.2.2-1

5:7.2.2-2

5:7.2.3-1

5:7.2.4-1

5:7.2.5-1

5:7.2.5-2

5:7.2.5-3

5:8.*

5:8.0.0-1

5:8.0.0-2

5:8.0.2-2

5:8.0.2-3

5:8.0.4-1

5:8.0.5-1

5:8.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67733.json"

Debian:13

redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:8.*

5:8.0.2-3

5:8.0.2-3+deb13u1

5:8.0.4-1

5:8.0.5-1

5:8.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67733.json"

valkey

Package

Name: valkey
Purl: pkg:deb/debian/valkey?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.1+dfsg1-3

8.1.1+dfsg1-3+deb13u1

8.1.4+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67733.json"

Debian:14

redict

Package

Name: redict
Purl: pkg:deb/debian/redict?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.0+ds-1

7.3.0+ds-2

7.3.0+ds-3~bpo12+1

7.3.0+ds-3

7.3.1+ds-1

7.3.2+ds-1~bpo12+1

7.3.2+ds-1

7.3.5+ds-1~bpo12+1

7.3.5+ds-1

7.3.6+ds-1~bpo12+1

7.3.6+ds-1~bpo13+1

7.3.6+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67733.json"

redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:8.*

5:8.0.2-3

5:8.0.4-1

5:8.0.5-1

5:8.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67733.json"

valkey

Package

Name: valkey
Purl: pkg:deb/debian/valkey?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.1+dfsg1-3

8.1.4+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67733.json"