UBUNTU-CVE-2025-67733

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-67733

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67733.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-67733

Upstream

CVE-2025-67733

Published

2026-02-23T20:28:00Z

Modified

2026-02-28T06:25:05.280942Z

Severity

8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H CVSS Calculator
7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue.

References

Affected packages

Ubuntu:24.04:LTS / valkey

Package

Name: valkey
Purl: pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.2.5+dfsg1-2ubuntu4~24.04.1

7.2.7+dfsg1-0ubuntu0.24.04.1

7.2.8+dfsg1-0ubuntu0.24.04.1

7.2.8+dfsg1-0ubuntu0.24.04.2

7.2.8+dfsg1-0ubuntu0.24.04.3

7.2.10+dfsg1-0ubuntu0.1

7.2.11+dfsg1-0ubuntu0.1

7.2.11+dfsg1-0ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "valkey-redis-compat",
            "binary_version": "7.2.11+dfsg1-0ubuntu0.2"
        },
        {
            "binary_name": "valkey-sentinel",
            "binary_version": "7.2.11+dfsg1-0ubuntu0.2"
        },
        {
            "binary_name": "valkey-server",
            "binary_version": "7.2.11+dfsg1-0ubuntu0.2"
        },
        {
            "binary_name": "valkey-tools",
            "binary_version": "7.2.11+dfsg1-0ubuntu0.2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67733.json"

Ubuntu:25.10 / valkey

Package

Name: valkey
Purl: pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.2+dfsg1-1ubuntu1

8.1.1+dfsg1-2ubuntu1

8.1.3+dfsg1-0ubuntu1

8.1.3+dfsg1-0ubuntu2

8.1.4+dfsg1-0ubuntu0.1

8.1.4+dfsg1-0ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "valkey-sentinel",
            "binary_version": "8.1.4+dfsg1-0ubuntu0.2"
        },
        {
            "binary_name": "valkey-server",
            "binary_version": "8.1.4+dfsg1-0ubuntu0.2"
        },
        {
            "binary_name": "valkey-tools",
            "binary_version": "8.1.4+dfsg1-0ubuntu0.2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-67733.json"