CVE-2025-48367

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.

References

Affected packages

Alpine:v3.22 / valkey

Package

Name: valkey
Purl: pkg:apk/alpine/valkey?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.1-r2

Affected versions

7.*

7.2.5-r0

7.2.5-r1

7.2.5-r2

7.2.7-r0

7.2.8-r0

7.2.9-r0

8.*

8.1.1-r0

8.1.1-r1

Debian:11 / redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:6.0.16-1+deb11u7

Affected versions

5:6.*

5:6.0.15-1

5:6.0.16-1~bpo10+1

5:6.0.16-1~bpo11+1

5:6.0.16-1

5:6.0.16-1+deb11u1

5:6.0.16-1+deb11u2

5:6.0.16-1+deb11u3

5:6.0.16-1+deb11u4

5:6.0.16-1+deb11u5

5:6.0.16-1+deb11u6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:7.0.15-1~deb12u5

Affected versions

5:7.*

5:7.0.11-1

5:7.0.11-1+deb12u1

5:7.0.12-1

5:7.0.12-2

5:7.0.13-1

5:7.0.13-2

5:7.0.14-1

5:7.0.14-2

5:7.0.15-1~deb12u1

5:7.0.15-1~deb12u2

5:7.0.15-1~deb12u3

5:7.0.15-1~deb12u4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:8.0.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / valkey

Package

Name: valkey
Purl: pkg:deb/debian/valkey?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.1+dfsg1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/redis/redis

Affected ranges

Type: GIT
Repo: https://github.com/redis/redis
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5a752e19782b9f8f80c7ef85e21cb47647954f09

Fixed

7e0f53393290f7c1f35596117b67748efad16580

Fixed

b49d5c0cf4e96a277d4b4e98f61d10c792b37003

Fixed

bde62951accfc4bb0a516276fd0b4b307e140ce2

Fixed

fa00bd2fff1533ad6e8483d9ce8868f383df2fbb

Affected versions

1.*

1.3.6

2.*

2.2-alpha0

2.2-alpha1

2.2-alpha2

2.2-alpha3

2.2-alpha4

2.2-alpha5

2.2-alpha6

2.2.0-rc1

2.3-alpha0

3.*

3.0-alpha0

6.*

6.2-rc1

6.2-rc2

6.2-rc3

6.2.0

6.2.1

6.2.10

6.2.11

6.2.12

6.2.13

6.2.14

6.2.15

6.2.16

6.2.17

6.2.18

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.2.9

7.*

7.2-rc1

7.2-rc2

7.2-rc3

7.2.0

7.2.1

7.2.2

7.2.3

7.2.4

7.2.5

7.2.6

7.2.7

7.2.8

7.2.9

7.4-rc1

7.4-rc2

7.4.0

7.4.1

7.4.2

7.4.3

7.4.4

8.*

8.0-m01

8.0-m02

8.0-m03

8.0-m04

8.0-m04-int

8.0-rc1

8.0-rc1-int

8.0-rc1-int2

8.0-rc2-int

8.0.0

8.0.1

8.0.1-int

8.0.2

v1.*

v1.3.10

v1.3.11

v1.3.12

v1.3.7

v1.3.8

v1.3.9

v2.*

v2.0.0-rc1

v2.1.1-watch

Other

vm-playpen

with-deprecated-diskstore