{"schema_version": "1.6.1", "id": "CVE-2025-26413", "summary": "The server was crashed by the negative offset", "details": "Improper Input Validation vulnerability in Apache Kvrocks.\n\nThe SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index\nof a string. So it will cause the server to crash due to its index is  out of range.\nThis issue affects Apache Kvrocks: through 2.11.1.\n\nUsers are recommended to upgrade to version 2.12.0, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"last_affected": "0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/388743qrr8yq8qm0go8tls6rf1kog8dw"}]}