CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52935 – Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly
https://notcve.org/view.php?id=CVE-2025-52935
23 Jun 2025 — Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18. • https://github.com/dragonflydb/dragonfly/commit/473e002c848eb312f23d84114eb4951a7c4af5a1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26268
https://notcve.org/view.php?id=CVE-2025-26268
17 Apr 2025 — DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. • https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243 • CWE-392: Missing Report of Error Condition •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26269
https://notcve.org/view.php?id=CVE-2025-26269
17 Apr 2025 — DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. • https://github.com/dragonflydb/dragonfly/commit/4612aec9a78e3f604e6fb19bee51acde89723308 • CWE-191: Integer Underflow (Wrap or Wraparound) •