CVE-2025-26269
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| DragonflyDB | Dragonfly | 0 <= 1.28.2 | affected |
Weaknesses
- CWE-191: CWE-191 Integer Underflow (Wrap or Wraparound)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://github.com/dragonflydb/dragonfly/issues/4468
- https://github.com/dragonflydb/dragonfly/commit/4612aec9a78e3f604e6fb19bee51acde89723308
- https://gist.github.com/ankki-zsyang/d8215cf6e868d07546eaa5346a884ebd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.