{"id":"UBUNTU-CVE-2025-49112","details":"setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev-\u003esize - prev-\u003eused.","modified":"2026-04-14T10:49:15.054932Z","published":"2025-06-02T05:15:00Z","related":["USN-7893-1"],"upstream":["CVE-2025-49112"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-49112"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-49112"},{"type":"REPORT","url":"https://github.com/valkey-io/valkey/pull/2101"},{"type":"REPORT","url":"https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783"},{"type":"REPORT","url":"https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7893-1"}],"affected":[{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm5?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:2.6.13-1","2:2.6.16-3","2:2.8.0-1","2:2.8.2-1","2:2.8.4-2","2:2.8.4-2ubuntu0.2","2:2.8.4-2ubuntu0.2+esm1","2:2.8.4-2ubuntu0.2+esm2","2:2.8.4-2ubuntu0.2+esm3","2:2.8.4-2ubuntu0.2+esm4","2:2.8.4-2ubuntu0.2+esm5"],"ecosystem_specific":{"binaries":[{"binary_version":"2:2.8.4-2ubuntu0.2+esm5","binary_name":"redis-server"},{"binary_version":"2:2.8.4-2ubuntu0.2+esm5","binary_name":"redis-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm5?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:3.0.3-3","2:3.0.5-1","2:3.0.5-2","2:3.0.5-3","2:3.0.5-4","2:3.0.6-1","2:3.0.6-1ubuntu0.2","2:3.0.6-1ubuntu0.3","2:3.0.6-1ubuntu0.4","2:3.0.6-1ubuntu0.4+esm1","2:3.0.6-1ubuntu0.4+esm2","2:3.0.6-1ubuntu0.4+esm3","2:3.0.6-1ubuntu0.4+esm4","2:3.0.6-1ubuntu0.4+esm5"],"ecosystem_specific":{"binaries":[{"binary_version":"2:3.0.6-1ubuntu0.4+esm5","binary_name":"redis-sentinel"},{"binary_version":"2:3.0.6-1ubuntu0.4+esm5","binary_name":"redis-server"},{"binary_version":"2:3.0.6-1ubuntu0.4+esm5","binary_name":"redis-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm7?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:4.0.1-7","4:4.0.2-6","4:4.0.2-9","5:4.0.5-1","5:4.0.6-1","5:4.0.6-2","5:4.0.7-1","5:4.0.8-1","5:4.0.8-2","5:4.0.9-1","5:4.0.9-1ubuntu0.1","5:4.0.9-1ubuntu0.2","5:4.0.9-1ubuntu0.2+esm2","5:4.0.9-1ubuntu0.2+esm3","5:4.0.9-1ubuntu0.2+esm4","5:4.0.9-1ubuntu0.2+esm5","5:4.0.9-1ubuntu0.2+esm6","5:4.0.9-1ubuntu0.2+esm7"],"ecosystem_specific":{"binaries":[{"binary_version":"5:4.0.9-1ubuntu0.2+esm7","binary_name":"redis"},{"binary_version":"5:4.0.9-1ubuntu0.2+esm7","binary_name":"redis-sentinel"},{"binary_version":"5:4.0.9-1ubuntu0.2+esm7","binary_name":"redis-server"},{"binary_version":"5:4.0.9-1ubuntu0.2+esm7","binary_name":"redis-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm4?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:5.0.5-2build1","5:5.0.6-1","5:5.0.7-1","5:5.0.7-2","5:5.0.7-2ubuntu0.1~esm1","5:5.0.7-2ubuntu0.1","5:5.0.7-2ubuntu0.1+esm1","5:5.0.7-2ubuntu0.1+esm2","5:5.0.7-2ubuntu0.1+esm3","5:5.0.7-2ubuntu0.1+esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"5:5.0.7-2ubuntu0.1+esm4","binary_name":"redis"},{"binary_version":"5:5.0.7-2ubuntu0.1+esm4","binary_name":"redis-sentinel"},{"binary_version":"5:5.0.7-2ubuntu0.1+esm4","binary_name":"redis-server"},{"binary_version":"5:5.0.7-2ubuntu0.1+esm4","binary_name":"redis-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1.1+esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:6.0.15-1","5:6.0.16-1","5:6.0.16-1build1","5:6.0.16-1ubuntu1","5:6.0.16-1ubuntu1+esm1","5:6.0.16-1ubuntu1+esm2","5:6.0.16-1ubuntu1.1","5:6.0.16-1ubuntu1.1+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"5:6.0.16-1ubuntu1.1+esm1","binary_name":"redis"},{"binary_version":"5:6.0.16-1ubuntu1.1+esm1","binary_name":"redis-sentinel"},{"binary_version":"5:6.0.16-1ubuntu1.1+esm1","binary_name":"redis-server"},{"binary_version":"5:6.0.16-1ubuntu1.1+esm1","binary_name":"redis-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.04.4?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:7.0.12-1","5:7.0.14-1","5:7.0.14-2","5:7.0.15-1","5:7.0.15-1build1","5:7.0.15-1build2","5:7.0.15-1ubuntu0.24.04.1","5:7.0.15-1ubuntu0.24.04.2","5:7.0.15-1ubuntu0.24.04.3","5:7.0.15-1ubuntu0.24.04.4"],"ecosystem_specific":{"binaries":[{"binary_version":"5:7.0.15-1ubuntu0.24.04.4","binary_name":"redis"},{"binary_version":"5:7.0.15-1ubuntu0.24.04.4","binary_name":"redis-sentinel"},{"binary_version":"5:7.0.15-1ubuntu0.24.04.4","binary_name":"redis-server"},{"binary_version":"5:7.0.15-1ubuntu0.24.04.4","binary_name":"redis-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"valkey","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.11+dfsg1-0ubuntu0.2"}]}],"versions":["7.2.5+dfsg1-2ubuntu4~24.04.1","7.2.7+dfsg1-0ubuntu0.24.04.1","7.2.8+dfsg1-0ubuntu0.24.04.1","7.2.8+dfsg1-0ubuntu0.24.04.2","7.2.8+dfsg1-0ubuntu0.24.04.3","7.2.10+dfsg1-0ubuntu0.1","7.2.11+dfsg1-0ubuntu0.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7.2.11+dfsg1-0ubuntu0.2","binary_name":"valkey-redis-compat"},{"binary_version":"7.2.11+dfsg1-0ubuntu0.2","binary_name":"valkey-sentinel"},{"binary_version":"7.2.11+dfsg1-0ubuntu0.2","binary_name":"valkey-server"},{"binary_version":"7.2.11+dfsg1-0ubuntu0.2","binary_name":"valkey-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"redict","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/redict@7.3.5+ds-1ubuntu0.2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.3.2+ds-1","7.3.5+ds-1","7.3.5+ds-1ubuntu0.1","7.3.5+ds-1ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_version":"7.3.5+ds-1ubuntu0.2","binary_name":"redict"},{"binary_version":"7.3.5+ds-1ubuntu0.2","binary_name":"redict-sentinel"},{"binary_version":"7.3.5+ds-1ubuntu0.2","binary_name":"redict-server"},{"binary_version":"7.3.5+ds-1ubuntu0.2","binary_name":"redict-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/redis@5:8.0.2-3ubuntu0.25.10.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:7.0.15-3","5:7.0.15-3.1","5:8.0.2-3","5:8.0.2-3build1","5:8.0.2-3ubuntu0.25.10.1"],"ecosystem_specific":{"binaries":[{"binary_version":"5:8.0.2-3ubuntu0.25.10.1","binary_name":"redis"},{"binary_version":"5:8.0.2-3ubuntu0.25.10.1","binary_name":"redis-sentinel"},{"binary_version":"5:8.0.2-3ubuntu0.25.10.1","binary_name":"redis-server"},{"binary_version":"5:8.0.2-3ubuntu0.25.10.1","binary_name":"redis-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}},{"package":{"name":"valkey","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1.4+dfsg1-0ubuntu0.2"}]}],"versions":["8.0.2+dfsg1-1ubuntu1","8.1.1+dfsg1-2ubuntu1","8.1.3+dfsg1-0ubuntu1","8.1.3+dfsg1-0ubuntu2","8.1.4+dfsg1-0ubuntu0.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"8.1.4+dfsg1-0ubuntu0.2","binary_name":"valkey-sentinel"},{"binary_version":"8.1.4+dfsg1-0ubuntu0.2","binary_name":"valkey-server"},{"binary_version":"8.1.4+dfsg1-0ubuntu0.2","binary_name":"valkey-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-49112.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]}