GHSA-8x67-x273-g37h
Severity by source
Primary rating from Vendor (CNA), CVSS 4.0 vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:D/RE:L/U:Amber
The vulnerable command is network-reachable but requires at minimum the ability to issue commands (PR:L assumed for Redis-compatible auth); the impact is DoS only, with no confidentiality or integrity effect.
Lifecycle Timeline
Description (pre-NVD)
AI analysis:
Remote denial-of-service in Apache Kvrocks via an integer overflow in the RESTORE command's IntSet deserialization path. An attacker who can send commands to a Kvrocks instance can supply a crafted RDB-serialized IntSet payload to the RESTORE command, triggering an integer overflow that crashes the server process. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
| --- | --- |
| Exploitation | The attacker must have the ability to send commands to the Kvrocks instance over the network, either because authentication is disabled (no requirepass configured, a non-default but common development/internal deployment pattern) or because they possess valid Kvrocks credentials. … |
| Risk Assessment | No NVD CVSS vector, EPSS score, or KEV listing is available as this is a pre-NVD disclosure. … |
| Exploit Scenario | An attacker with network access to a Kvrocks instance, either through a misconfigured public-facing deployment or via compromised internal network access, sends a single RESTORE command containing a maliciously crafted RDB-serialized IntSet payload whose manipulated length field triggers an integer overflow during deserialization. The overflow causes an incorrect memory operation (under-allocation or bounds miscalculation) in the Kvrocks process, resulting in a crash and immediate denial of service for all clients connected to the instance. … |
| Remediation | Upgrade to the fixed version of Apache Kvrocks as released by the Apache Software Foundation. The exact patched version number is not available in the current pre-NVD disclosure and should be obtained from the official oss-security post at https://www.openwall.com/lists/oss-security/2026/06/25 and the Apache Kvrocks project release page. … |
Recommended Action (AI)
Within 24 hours: Identify all systems running Apache Kvrocks and assess network exposure of each instance; implement firewall rules to restrict command access to trusted networks only. …
Same weakness: CWE-190 – Integer Overflow or Wraparound
Same technique: Buffer Overflow
EUVD-2026-39331