UBUNTU-CVE-2025-46686

Source
https://ubuntu.com/security/CVE-2025-46686
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46686.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-46686
Upstream
Published
2025-07-23T19:15:00Z
Modified
2025-10-16T17:27:48Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • Ubuntu - medium
Summary
[none]
Details

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.

References

Affected packages

Ubuntu:22.04:LTS

redis

Package

Name
redis
Purl
pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

5:6.*

5:6.0.15-1
5:6.0.16-1
5:6.0.16-1build1
5:6.0.16-1ubuntu1
5:6.0.16-1ubuntu1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:6.0.16-1ubuntu1.1",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1.1",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1.1",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1.1",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:24.04:LTS

redis

Package

Name
redis
Purl
pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.04.2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

5:7.*

5:7.0.12-1
5:7.0.14-1
5:7.0.14-2
5:7.0.15-1
5:7.0.15-1build1
5:7.0.15-1build2
5:7.0.15-1ubuntu0.24.04.1
5:7.0.15-1ubuntu0.24.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:7.0.15-1ubuntu0.24.04.2",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:7.0.15-1ubuntu0.24.04.2",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:7.0.15-1ubuntu0.24.04.2",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:7.0.15-1ubuntu0.24.04.2",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:25.04

redis

Package

Name
redis
Purl
pkg:deb/ubuntu/redis@5:7.0.15-3ubuntu0.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

5:7.*

5:7.0.15-1build2
5:7.0.15-2
5:7.0.15-3
5:7.0.15-3ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:7.0.15-3ubuntu0.1",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:7.0.15-3ubuntu0.1",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:7.0.15-3ubuntu0.1",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:7.0.15-3ubuntu0.1",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:25.10

redis

Package

Name
redis
Purl
pkg:deb/ubuntu/redis@5:8.0.2-3ubuntu0.25.10.1?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

5:7.*

5:7.0.15-3
5:7.0.15-3.1

5:8.*

5:8.0.2-3
5:8.0.2-3build1
5:8.0.2-3ubuntu0.25.10.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:8.0.2-3ubuntu0.25.10.1",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:8.0.2-3ubuntu0.25.10.1",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:8.0.2-3ubuntu0.25.10.1",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:8.0.2-3ubuntu0.25.10.1",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:Pro:14.04:LTS

redis

Package

Name
redis
Purl
pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm5?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

2:2.*

2:2.6.13-1
2:2.6.16-3
2:2.8.0-1
2:2.8.2-1
2:2.8.4-2
2:2.8.4-2ubuntu0.2
2:2.8.4-2ubuntu0.2+esm1
2:2.8.4-2ubuntu0.2+esm2
2:2.8.4-2ubuntu0.2+esm3
2:2.8.4-2ubuntu0.2+esm4
2:2.8.4-2ubuntu0.2+esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.8.4-2ubuntu0.2+esm5",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "2:2.8.4-2ubuntu0.2+esm5",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:Pro:16.04:LTS

redis

Package

Name
redis
Purl
pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm4?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

2:3.*

2:3.0.3-3
2:3.0.5-1
2:3.0.5-2
2:3.0.5-3
2:3.0.5-4
2:3.0.6-1
2:3.0.6-1ubuntu0.2
2:3.0.6-1ubuntu0.3
2:3.0.6-1ubuntu0.4
2:3.0.6-1ubuntu0.4+esm1
2:3.0.6-1ubuntu0.4+esm2
2:3.0.6-1ubuntu0.4+esm3
2:3.0.6-1ubuntu0.4+esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm4",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm4",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm4",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:Pro:18.04:LTS

redis

Package

Name
redis
Purl
pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm6?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

4:4.*

4:4.0.1-7
4:4.0.2-6
4:4.0.2-9

5:4.*

5:4.0.5-1
5:4.0.6-1
5:4.0.6-2
5:4.0.7-1
5:4.0.8-1
5:4.0.8-2
5:4.0.9-1
5:4.0.9-1ubuntu0.1
5:4.0.9-1ubuntu0.2
5:4.0.9-1ubuntu0.2+esm2
5:4.0.9-1ubuntu0.2+esm3
5:4.0.9-1ubuntu0.2+esm4
5:4.0.9-1ubuntu0.2+esm5
5:4.0.9-1ubuntu0.2+esm6

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm6",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm6",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm6",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm6",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:Pro:20.04:LTS

redis

Package

Name
redis
Purl
pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm4?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

5:5.*

5:5.0.5-2build1
5:5.0.6-1
5:5.0.7-1
5:5.0.7-2
5:5.0.7-2ubuntu0.1~esm1
5:5.0.7-2ubuntu0.1
5:5.0.7-2ubuntu0.1+esm1
5:5.0.7-2ubuntu0.1+esm2
5:5.0.7-2ubuntu0.1+esm3
5:5.0.7-2ubuntu0.1+esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm4",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm4",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm4",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm4",
            "binary_name": "redis-tools"
        }
    ]
}