{ "document": { "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_docker/alpinelinux3.23/vex/2025/cve-2025-46686-els_docker-alpinelinux3_23.json" } ], "tracking": { "current_release_date": "2026-06-23T02:21:51Z", "generator": { "date": "2026-06-23T02:21:51Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2025-46686-ELS_DOCKER-ALPINELINUX3.23", "initial_release_date": "2025-01-01T00:00:00Z", "revision_history": [ { "date": "2025-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-06-23T02:21:51Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2025-46686" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Alpine Linux 3.23", "product": { "name": "Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23", "product_identification_helper": { "cpe": "cpe:2.3:o:alpinelinux:alpine_linux:3.23:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Alpine Linux" } ], "category": "vendor", "name": "Alpine Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "redis7-7.0.15.tuxcare.els7-r0.x86_64", "product": { "name": "redis7-7.0.15.tuxcare.els7-r0.x86_64", "product_id": "redis7-7.0.15.tuxcare.els7-r0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/redis7@7.0.15.tuxcare.els7-r0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "redis7-openrc-7.0.15.tuxcare.els7-r0.x86_64", "product": { "name": "redis7-openrc-7.0.15.tuxcare.els7-r0.x86_64", "product_id": "redis7-openrc-7.0.15.tuxcare.els7-r0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/redis7-openrc@7.0.15.tuxcare.els7-r0?arch=x86_64&os_name=alpine&os_version=3.23" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "redis7-7.0.15.tuxcare.els7-r0.aarch64", "product": { "name": "redis7-7.0.15.tuxcare.els7-r0.aarch64", "product_id": "redis7-7.0.15.tuxcare.els7-r0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/redis7@7.0.15.tuxcare.els7-r0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "redis7-openrc-7.0.15.tuxcare.els7-r0.aarch64", "product": { "name": "redis7-openrc-7.0.15.tuxcare.els7-r0.aarch64", "product_id": "redis7-openrc-7.0.15.tuxcare.els7-r0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/redis7-openrc@7.0.15.tuxcare.els7-r0?arch=aarch64&os_name=alpine&os_version=3.23" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "redis7-7.0.15.tuxcare.els7-r0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:redis7-7.0.15.tuxcare.els7-r0.x86_64" }, "product_reference": "redis7-7.0.15.tuxcare.els7-r0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "redis7-7.0.15.tuxcare.els7-r0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:redis7-7.0.15.tuxcare.els7-r0.aarch64" }, "product_reference": "redis7-7.0.15.tuxcare.els7-r0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "redis7-openrc-7.0.15.tuxcare.els7-r0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:redis7-openrc-7.0.15.tuxcare.els7-r0.aarch64" }, "product_reference": "redis7-openrc-7.0.15.tuxcare.els7-r0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "redis7-openrc-7.0.15.tuxcare.els7-r0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:redis7-openrc-7.0.15.tuxcare.els7-r0.x86_64" }, "product_reference": "redis7-openrc-7.0.15.tuxcare.els7-r0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-46686", "notes": [ { "category": "description", "text": "Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.", "title": "Vulnerability description" } ], "product_status": { "under_investigation": [ "Alpine-Linux-3.23:redis7-7.0.15.tuxcare.els7-r0.aarch64", "Alpine-Linux-3.23:redis7-7.0.15.tuxcare.els7-r0.x86_64", "Alpine-Linux-3.23:redis7-openrc-7.0.15.tuxcare.els7-r0.aarch64", "Alpine-Linux-3.23:redis7-openrc-7.0.15.tuxcare.els7-r0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-46686" } ], "remediations": [ { "category": "none_available", "date": "2026-06-16T17:25:02.445872Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.23:redis7-7.0.15.tuxcare.els7-r0.aarch64", "Alpine-Linux-3.23:redis7-7.0.15.tuxcare.els7-r0.x86_64", "Alpine-Linux-3.23:redis7-openrc-7.0.15.tuxcare.els7-r0.aarch64", "Alpine-Linux-3.23:redis7-openrc-7.0.15.tuxcare.els7-r0.x86_64" ] } ] } ] }