CRITICAL🇵🇱 Wersja polska

CVE-2026-46752

CVSS 10.0v4.0pub. 2026-06-25

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.

🤖 AI Analysis
How it works

The error consists of a heap buffer overflow in the cjson library, which is used to handle JSON format in Lua scripts embedded in Apache Kvrocks. An attacker can send specially crafted input data causing a write outside the boundaries of the allocated heap buffer. This can lead to process memory corruption and potentially to arbitrary code execution.

Impact

A remote, unauthenticated attacker can cause arbitrary code execution on the server (RCE), as well as compromise the confidentiality, integrity and availability of both the attacked system and systems associated with it.

Mitigation & patch

Apache Kvrocks should be updated to version 2.16.0 as soon as possible, which fixes the described vulnerability. Details are available in the vendor's references.

Who is affected

Apache Kvrocks in versions from 2.0.4 to 2.15.0 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References