{"id":6073,"date":"2025-08-12T10:03:37","date_gmt":"2025-08-12T10:03:37","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/08\/12\/apache-brpc-vulnerability-allows-attackers-to-crash-the-service-via-network\/"},"modified":"2025-08-12T10:03:37","modified_gmt":"2025-08-12T10:03:37","slug":"apache-brpc-vulnerability-allows-attackers-to-crash-the-service-via-network","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/08\/12\/apache-brpc-vulnerability-allows-attackers-to-crash-the-service-via-network\/","title":{"rendered":"Apache bRPC Vulnerability Allows Attackers to Crash the Service via Network"},"content":{"rendered":"<div>\n<p>A severe vulnerability in Apache bRPC has been discovered that allows attackers to crash services through network exploitation, affecting all versions prior to 1.14.1.\u00a0<\/p>\n<p>The vulnerability, identified as CVE-2025-54472 with \u201cimportant\u201d severity classification, stems from unlimited memory allocation in the Redis protocol parser component.<\/p>\n<pre class=\"wp-block-preformatted\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Key Takeaways<\/mark><\/strong><br>1. Apache bRPC versions before 1.14.1 have a Redis parser vulnerability.<br>2. Attackers send crafted packets with large integers to trigger memory allocation failures.<br>3. 
Upgrade or apply GitHub patch.<\/pre>\n<h2 class=\"wp-block-heading\" id=\"h-apache-brpc-vulnerability\"><strong>Apache bRPC Vulnerability<\/strong><\/h2>\n<p>The root cause of this vulnerability lies in the bRPC Redis protocol parser\u2019s handling of network data.\u00a0<\/p>\n<p>When processing <a href=\"https:\/\/cybersecuritynews.com\/tag\/redis-instance\/\" target=\"_blank\" rel=\"noreferrer noopener\">Redis protocol<\/a> messages, the parser allocates memory for arrays or strings based on integer values read directly from network packets without proper validation.\u00a0<\/p>\n<p>Malicious actors can exploit this by transmitting specially crafted data packets containing excessively large integer values, triggering a bad_alloc error that causes immediate service termination.<\/p>\n<p>The vulnerability affects critical usage scenarios, including bRPC deployments functioning as Redis servers serving untrusted clients, and bRPC instances acting as Redis clients connecting to potentially compromised Redis services.\u00a0<\/p>\n<p>The attack vector requires only network access to the target service, making it particularly dangerous for internet-facing deployments.<\/p>\n<p>Notably, Apache bRPC version 1.14.0 attempted to address this issue by implementing memory allocation size limitations.\u00a0<\/p>\n<p>However, the fix contained a critical implementation flaw that allowed integer overflow conditions to bypass the security controls, leaving version 1.14.0 vulnerable to exploitation through different integer ranges.<\/p>\n<p>Tyler Zars receives credit for discovering and reporting this vulnerability.<\/p>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>Risk Factors<\/strong><\/td>\n<td><strong>Details<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Affected Products<\/td>\n<td>Apache bRPC all versions &lt; 1.14.1 (all platforms)<\/td>\n<\/tr>\n<tr>\n<td>Impact<\/td>\n<td>Denial of Service<\/td>\n<\/tr>\n<tr>\n<td>Exploit 
Prerequisites<\/td>\n<td>\u2013 Network access to target bRPC service<br>\u2013 Service configured as Redis server with untrusted clients, OR<br>\u2013 Service configured as Redis client connecting to untrusted Redis servers<\/td>\n<\/tr>\n<tr>\n<td>Severity<\/td>\n<td>Important<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-mitigations\"><strong>Mitigations<\/strong><\/h2>\n<p>Organizations can remediate this vulnerability through two primary approaches. The recommended solution involves upgrading to Apache bRPC version 1.14.1, which implements proper bounds checking for memory allocation requests.\u00a0<\/p>\n<p>Alternatively, administrators can manually apply the available <a href=\"https:\/\/github.com\/apache\/brpc\/pull\/3050\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">security patch<\/a>.<\/p>\n<p>The implemented fix introduces a default maximum allocation limit of 64MB per Redis parser operation, controlled by the redis_max_allocation_size gflag parameter.\u00a0<\/p>\n<p>Organizations processing Redis requests or responses exceeding 64MB should adjust this parameter accordingly to prevent legitimate operations from failing post-upgrade.<\/p>\n<p>The Apache bRPC project has released comprehensive documentation and patches through their official channels, emphasizing the critical nature of this security update for production environments handling untrusted network traffic.<\/p>\n
<p>The post <a href=\"https:\/\/cybersecuritynews.com\/apache-brpc-vulnerability\/\">Apache bRPC Vulnerability Allows Attackers to Crash the Service via Network<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Florence Nightingale<br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/apache-brpc-vulnerability\/\">Go to cyber-security-news<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apache bRPC Vulnerability Allows Attackers to Crash the Service via Network A severe vulnerability in Apache bRPC has been discovered that allows attackers to crash services through network exploitation, affecting all versions prior to 1.14.1.\u00a0 The vulnerability, identified as CVE-2025-54472 with \u201cimportant\u201d severity classification, stems from unlimited memory allocation in the Redis protocol parser component. 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-6073","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6073"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=6073"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6073\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=6073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=6073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=6073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}