Source: redis
Version: 5:8.0.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc:
[email protected], Debian Security Team <
[email protected]>
Hi,
The following vulnerability was published for redis.
CVE-2025-48367[0]:
| Redis is an open source, in-memory database that persists on disk.
| An unauthenticated connection can cause repeated IP protocol errors,
| leading to client starvation and, ultimately, a denial of service.
| This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0]
https://security-tracker.debian.org/tracker/CVE-2025-48367
https://www.cve.org/CVERecord?id=CVE-2025-48367
[1]
https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq
[2]
https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)