CVE-2025-26413

CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset

Vendor Apache Software Foundation

Product Apache Kvrocks

Weakness CWE-20 · Input validation

Published April 22, 2025

Last update May 12, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue.

Key dates

Disclosure timeline

April 22, 2025 CVE published

May 12, 2025 Record updated