CVE-2025-46686
LOWDescription
Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-46686? +
How severe is CVE-2025-46686? +
How do I check if I'm vulnerable to CVE-2025-46686? +
Related Vulnerabilities
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability …
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when …
Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered …
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with …
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall …