CVE-2025-49112
LOWValkey < 8.1.1 - Integer Underflow in setDeferredReply
Title source: llmDescription
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
References (3)
Core 3
Core References
Various Sources
https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783
Various Sources
https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886
Issue Tracking
https://github.com/valkey-io/valkey/pull/2101
Scores
CVSS v3
3.1
EPSS
0.0020
EPSS Percentile
9.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-191
Status
published
Products (1)
Valkey/Valkey
< 8.1.1
Published
Jun 02, 2025
Tracked Since
Feb 18, 2026