{
  "threat_severity" : "Low",
  "public_date" : "2025-06-02T00:00:00Z",
  "bugzilla" : {
    "description" : "valkey: Valkey Integer Underflow Vulnerability",
    "id" : "2369697",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2369697"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-191",
  "details" : [ "setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.", "A flaw was found in valkey. An integer underflow in the `setDeferredReply` function of `networking.c` allows an adjacent network attacker to potentially trigger unexpected behavior. This underflow occurs when calculating `prev->size - prev->used`, leading to a condition that may result in a denial of service. The vulnerability is triggered by processing a specially crafted network packet." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "valkey",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-49112\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-49112\nhttps://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783\nhttps://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886\nhttps://github.com/valkey-io/valkey/pull/2101" ],
  "name" : "CVE-2025-49112",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}