Cyber Web Spider Blog – News
Apache bRPC Vulnerability Allows Attackers to Crash the Service via Network

Posted on August 12, 2025 by CWS

A vulnerability in Apache bRPC allows attackers to crash the service over the network; all versions before 1.14.1 are affected.

The flaw, tracked as CVE-2025-54472 and rated "important" on Apache's severity scale, stems from unbounded memory allocation in the Redis protocol parser component.

Key Takeaways
  1. Apache bRPC versions before 1.14.1 have a Redis parser vulnerability; the partial limit added in 1.14.0 can be bypassed.
  2. Attackers send crafted packets with very large length integers to trigger memory allocation failures that terminate the process.
  3. Upgrade to 1.14.1 or apply the GitHub patch; tune redis_max_allocation_size if legitimate traffic exceeds the 64MB default.

Apache bRPC Vulnerability

The root cause lies in how the bRPC Redis protocol parser handles network data.

When processing Redis protocol (RESP) messages, the parser allocates memory for arrays or strings based on integer length values read directly from the packet, without validating them.

An attacker can send specially crafted packets containing excessively large length values. The resulting allocation fails with std::bad_alloc, and because the exception is not handled the process terminates immediately.

Two deployment scenarios are exposed: bRPC instances acting as a Redis server that accepts connections from untrusted clients, and bRPC instances acting as a Redis client that connects to a potentially compromised or malicious Redis server.

The attack requires only network access to the target service, which makes it particularly dangerous for internet-facing deployments.

Notably, Apache bRPC 1.14.0 attempted to address this issue by adding memory allocation size limits.

However, that fix contained an implementation flaw: integer overflow allowed the size check to be bypassed, so 1.14.0 remained exploitable through a different range of integer values.

Tyler Zars is credited with discovering and reporting the vulnerability.

Risk Factors
Affected Products: Apache bRPC, all versions before 1.14.1 (including 1.14.0, whose partial fix is bypassable)
Impact: Denial of Service (process crash via unhandled std::bad_alloc)
Exploit Prerequisites: Network access to the target bRPC service, and either the service acting as a Redis server with untrusted clients, or the service acting as a Redis client connecting to an untrusted Redis server
Severity: Important

Mitigations

Organizations can remediate this vulnerability in two ways. The recommended approach is to upgrade to Apache bRPC 1.14.1, which implements proper bounds checking on memory allocation requests.

Alternatively, administrators can manually apply the security patch from the project's GitHub repository.

The fix introduces a default maximum of 64MB per Redis parser allocation, controlled by the redis_max_allocation_size gflag.

Deployments that legitimately process Redis requests or responses larger than 64MB should raise this parameter after upgrading, otherwise those operations will fail. Keep in mind that the cap is also the upper bound on what an untrusted peer can force the parser to allocate per message, so raise it only as far as real traffic requires.

The Apache bRPC project has published the advisory and patches through its official channels, emphasizing that the update is important for production environments that handle untrusted network traffic.
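To make the bug class concrete, the following is an added C++ illustration written for this article; it is not Apache bRPC's own code and does not reproduce the exact 1.14.0 check. It parses a RESP count prefix the way a Redis parser must (without letting the parser itself overflow), then shows three allocation policies side by side: the pre-fix unbounded path, a multiply-then-compare cap that unsigned wraparound slips past (one representative instance of the overflow bypass described above), and a divide-based cap using the 64MB default the article attributes to redis_max_allocation_size. The namespace, function names, and the 32-byte Element size are assumptions made for the example.

```cpp
// Added illustration (not Apache bRPC's code) of the RESP length-handling bug
// class behind CVE-2025-54472: an allocation size taken from the wire, a size
// check that integer overflow can bypass, and a division-based check with a
// 64MB cap mirroring the 1.14.1 default. All identifiers here are assumed.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string_view>

namespace resp_demo {

// Mirrors the 64MB default of redis_max_allocation_size described in the article.
constexpr uint64_t kRedisMaxAllocationSize = 64ull * 1024 * 1024;

// One parsed Redis reply element; 32 bytes is an assumed, illustrative size.
struct Element { char pad[32]; };

// Parse the decimal count after a RESP type byte, e.g. "*3\r\n" or "$1024\r\n".
// Returns nullopt for anything that is not a plain unsigned decimal terminated
// by CRLF, including values that would not fit in 64 bits.
std::optional<uint64_t> parse_resp_count(std::string_view line) {
    if (line.size() < 4 || (line[0] != '*' && line[0] != '$')) return std::nullopt;
    if (line.substr(line.size() - 2) != "\r\n") return std::nullopt;
    std::string_view digits = line.substr(1, line.size() - 3);
    if (digits.empty() || digits.size() > 20) return std::nullopt;
    uint64_t n = 0;
    for (char c : digits) {
        if (c < '0' || c > '9') return std::nullopt;
        uint64_t d = static_cast<uint64_t>(c - '0');
        if (n > (UINT64_MAX - d) / 10) return std::nullopt;  // n*10+d would wrap
        n = n * 10 + d;
    }
    return n;
}

// Pre-fix behaviour: whatever the peer said is the element count. A caller doing
// `new Element[count]` with a huge count gets std::bad_alloc; uncaught, that
// terminates the process. Returns the byte size such a request would compute.
uint64_t unbounded_bytes(uint64_t count) {
    return count * sizeof(Element);  // also wraps silently for huge counts
}

// Flawed cap (one instance of the bug class, not bRPC 1.14.0's exact code):
// the product is computed before the comparison, so a count just above
// 2^64 / sizeof(Element) wraps to a tiny byte value and passes the check.
bool flawed_cap_accepts(uint64_t count, uint64_t max_bytes = kRedisMaxAllocationSize) {
    uint64_t bytes = count * sizeof(Element);  // unsigned wraparound here
    return bytes <= max_bytes;
}

// Hardened cap: divide instead of multiply so no intermediate can overflow,
// and decide before any allocation happens.
bool hardened_cap_accepts(uint64_t count, uint64_t max_bytes = kRedisMaxAllocationSize) {
    return count <= max_bytes / sizeof(Element);
}

enum class Verdict { Malformed, Rejected, Accepted };

// End to end: parse an array header line from the wire and apply a cap policy.
Verdict check_array_header(std::string_view line, bool hardened) {
    std::optional<uint64_t> count = parse_resp_count(line);
    if (!count) return Verdict::Malformed;
    bool ok = hardened ? hardened_cap_accepts(*count) : flawed_cap_accepts(*count);
    return ok ? Verdict::Accepted : Verdict::Rejected;
}

}  // namespace resp_demo

int main() {
    // Constructed attacker header: 2^59 + 1 elements, so count*32 wraps to 32.
    constexpr std::string_view crafted = "*576460752303423489\r\n";
    using resp_demo::Verdict;
    std::cout << "flawed cap:   "
              << (resp_demo::check_array_header(crafted, false) == Verdict::Accepted
                      ? "accepted (would allocate and crash)" : "rejected") << "\n";
    std::cout << "hardened cap: "
              << (resp_demo::check_array_header(crafted, true) == Verdict::Accepted
                      ? "accepted" : "rejected") << "\n";
    return 0;
}
```

The crafted header in main() is exactly the kind of "large integer" the advisory describes: it is a syntactically valid RESP array prefix, the parser decodes it without error, and only the allocation policy decides whether the process survives. The hardened check is the shape to look for when reviewing a patch for this class of bug: the comparison must be performed on values that cannot have already overflowed.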
