PT-2025-17489 · Apache · Apache Kvrocks
朱少扬 · Published 2025-04-22 · Updated 2025-06-23 · CVE-2025-26413
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Apache Kvrocks versions through 2.11.1
Description
The issue is related to improper input validation in the SETRANGE command, which fails to check if the offset input is a positive integer. This can cause the server to crash due to an out-of-range index.
Recommendations
For Apache Kvrocks versions through 2.11.1, upgrade to version 2.12.0 to fix the issue. As a temporary workaround, consider restricting the use of the SETRANGE command until the issue is resolved.
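The class of check the description says was missing, as an added example (not Apache Kvrocks source code and not the actual patch): the offset argument is parsed as a whole integer token and rejected when negative or too large before it is used as an index. The names `ParseOffset`, `SetRange`, `SetRangeStatus` and the 512 MiB limit `kMaxValueBytes` are assumptions made for this illustration.

```cpp
#include <charconv>
#include <cstdint>
#include <string>
#include <string_view>
#include <system_error>

// Assumed upper bound on a string value (hypothetical constant for this example).
constexpr std::int64_t kMaxValueBytes = 512LL * 1024 * 1024;

enum class SetRangeStatus { kOk, kNotInteger, kOutOfRange, kTooLarge };

// Parse the offset argument as it arrives on the wire (text) and accept it
// only if the whole token is a base-10 integer in [0, kMaxValueBytes].
SetRangeStatus ParseOffset(std::string_view arg, std::int64_t *offset) {
  std::int64_t parsed = 0;
  const char *end = arg.data() + arg.size();
  auto [ptr, ec] = std::from_chars(arg.data(), end, parsed);
  if (ec == std::errc::result_out_of_range) return SetRangeStatus::kOutOfRange;
  if (ec != std::errc() || ptr != end) return SetRangeStatus::kNotInteger;
  if (parsed < 0 || parsed > kMaxValueBytes) return SetRangeStatus::kOutOfRange;
  *offset = parsed;
  return SetRangeStatus::kOk;
}

// SETRANGE semantics on an in-memory value: zero-pad up to offset, then
// overwrite. The value is left untouched whenever validation fails.
SetRangeStatus SetRange(std::string *value, std::string_view offset_arg,
                        std::string_view data) {
  std::int64_t offset = 0;
  if (auto s = ParseOffset(offset_arg, &offset); s != SetRangeStatus::kOk) return s;
  // offset is known to be non-negative here, so the subtraction cannot wrap.
  if (static_cast<std::int64_t>(data.size()) > kMaxValueBytes - offset)
    return SetRangeStatus::kTooLarge;
  if (data.empty()) return SetRangeStatus::kOk;  // nothing to write
  const auto start = static_cast<std::size_t>(offset);
  if (value->size() < start + data.size()) value->resize(start + data.size(), '\0');
  value->replace(start, data.size(), data);
  return SetRangeStatus::kOk;
}
```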
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Apache Kvrocks