Skip to main content

Ubuntu EUVD-2025-16611

| CVE-2025-49112 LOW
Integer Underflow (CWE-191)
2025-06-02 cve@mitre.org
Information Disclosure Integer Overflow Debian Ubuntu
3.1
CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 14, 2026 - 16:47 euvd
EUVD-2025-16611
Analysis Generated
Mar 14, 2026 - 16:47 vuln.today
CVE Published
Jun 02, 2025 - 05:15 nvd
LOW 3.1

DescriptionNVD

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.

Analysis

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.

Technical ContextAI

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Underflow (CWE-191).

RemediationAI

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

More from same product – last 7 days

CVE-2026-47269 HIGH
7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH
CVE-2026-47271 MEDIUM
5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str
CVE-2026-45898
May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin
CVE-2026-45924
May 27

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on s
CVE-2026-45965
May 27

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when export_

Vendor StatusVendor

Ubuntu

Priority: Medium
redict
Release Status Version
focal DNE -
jammy DNE -
noble DNE -
upstream needs-triage -
oracular ignored end of life, was needs-triage
plucky ignored end of life, was needs-triage
questing needs-triage -
redis
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
oracular ignored end of life, was needs-triage
plucky ignored end of life, was needs-triage
questing needs-triage -
valkey
Release Status Version
focal DNE -
jammy DNE -
upstream needs-triage -
noble released 7.2.11+dfsg1-0ubuntu0.2
plucky released 8.0.6+dfsg1-0ubuntu0.2
oracular ignored end of life, was needs-triage
questing released 8.1.4+dfsg1-0ubuntu0.2
USN-7893-1

Debian

Bug #1107212
redict
Release Status Fixed Version Urgency
forky, sid fixed 7.3.6+ds-1 -
(unstable) fixed 7.3.5+ds-1 unimportant
redis
Release Status Fixed Version Urgency
bullseye vulnerable 5:6.0.16-1+deb11u2 -
bullseye (security) vulnerable 5:6.0.16-1+deb11u8 -
bookworm, bookworm (security) vulnerable 5:7.0.15-1~deb12u6 -
trixie (security), trixie vulnerable 5:8.0.2-3+deb13u1 -
forky, sid vulnerable 5:8.0.5-1 -
(unstable) fixed (unfixed) unimportant
valkey
Release Status Fixed Version Urgency
trixie (security), trixie fixed 8.1.1+dfsg1-3+deb13u1 -
forky, sid fixed 8.1.4+dfsg1-1 -
(unstable) fixed 8.1.1+dfsg1-2 unimportant

Share

EUVD-2025-16611 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy