We do not know if Dragonfly is affected but if you want to know - you can try and reproduce their test, see here: and run it on Dragonfly
Description:
Redis has recently disclosed a critical security vulnerability (CVE-2025-32023) affecting versions 2.8 through 8.0.3 (including some branches). The vulnerability allows remote code execution (RCE) through specially crafted HyperLogLog operations, where authenticated users can trigger stack/heap out-of-bounds writes.
[Reference to Redis vulnerability announcement or CVE details]
Our environment runs DragonflyDB, and we need to assess whether we're exposed to similar risks.
DragonflyDB version: 1.26.0
Deployment environment: Kubernetes
Questions:
1. Does DragonflyDB use the same HyperLogLog implementation as Redis?
2. Is the current DragonflyDB version affected by this vulnerability?
3. Are there any recommended mitigation measures (e.g., version upgrade or ACL restrictions) for DragonflyDB?
Expected Response:
1. Confirmation whether DragonflyDB is affected by this vulnerability.
2. If affected: Official guidance on remediation (e.g., upgrade path or temporary workarounds).
3. If not affected: Explanation of why (e.g., implementation differences or existing protections).