CVE-2025-52935 | THREATINT

Description

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.

PUBLISHED Reserved 2025-06-23 | Published 2025-06-23 | Updated 2025-06-23 | Assigner GovTech CSG

CRITICAL: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status

unaffected

1.30.1 (git)

affected

1.30.0 (git)

affected

1.28.18 (git)

affected

Credits

TITAN Team (titancaproject@gmail.com) reporter

References

github.com/dragonflydb/dragonfly/pull/4996 patch third-party-advisory

github.com/...ommit/473e002c848eb312f23d84114eb4951a7c4af5a1 patch

cve.org (CVE-2025-52935)

nvd.nist.gov (CVE-2025-52935)

Download JSON