CVE-2025-48367
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-48367
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48367.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-48367
- Aliases
-
- BIT-keydb-2025-48367
- BIT-redis-2025-48367
- BIT-valkey-2025-48367
- GHSA-4q32-c38c-pwgq
- Downstream
- Related
- Published
- 2025-07-07T16:15:24Z
- Modified
- 2025-09-09T05:56:25.135477Z
- Summary
- [none]
- Details
-
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
- References
-
- https://github.com/redis/redis/releases/tag/6.2.19
- https://github.com/redis/redis/releases/tag/7.2.10
- https://github.com/redis/redis/releases/tag/7.4.5
- https://github.com/redis/redis/releases/tag/8.0.3
- https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq
- https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2
- https://security.alpinelinux.org/vuln/CVE-2025-48367
- https://security-tracker.debian.org/tracker/CVE-2025-48367
Affected packages
Alpine:v3.22 / valkey
Package
- Name
- valkey
- Purl
- pkg:apk/alpine/valkey?arch=source
Debian:14 / redict
Package
- Name
- redict
- Purl
- pkg:deb/debian/redict?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.3.5+ds-1
Debian:11 / redis
Package
- Name
- redis
- Purl
- pkg:deb/debian/redis?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5:6.0.16-1+deb11u7
Debian:12 / redis
Package
- Name
- redis
- Purl
- pkg:deb/debian/redis?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5:7.0.15-1~deb12u5
Debian:13 / redis
Package
- Name
- redis
- Purl
- pkg:deb/debian/redis?arch=source
Debian:14 / redis
Package
- Name
- redis
- Purl
- pkg:deb/debian/redis?arch=source
Debian:13 / valkey
Package
- Name
- valkey
- Purl
- pkg:deb/debian/valkey?arch=source
Debian:14 / valkey
Package
- Name
- valkey
- Purl
- pkg:deb/debian/valkey?arch=source
Git / github.com/redis/redis
Affected ranges
- Type
- GIT
- Repo
- https://github.com/redis/redis
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixedFixed
Affected versions
1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
3.*
3.0-alpha0
6.*
6.2-rc1
6.2-rc2
6.2-rc3
6.2.0
6.2.1
6.2.10
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.2.16
6.2.17
6.2.18
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
7.*
7.2-rc1
7.2-rc2
7.2-rc3
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
7.2.7
7.2.8
7.2.9
7.4-rc1
7.4-rc2
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
8.*
8.0-m01
8.0-m02
8.0-m03
8.0-m04
8.0-m04-int
8.0-rc1
8.0-rc1-int
8.0-rc1-int2
8.0-rc2-int
8.0.0
8.0.1
8.0.1-int
8.0.2
v1.*
v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen
with-deprecated-diskstore
Database specific
{
"vanir_signatures": [
{
"digest": {
"line_hashes": [
"98936157602691914216690546985369772120",
"183733293261192172797368521731562795598",
"172020968814055321842044683497390447458",
"340217816218076505040900373037402792118"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-397c9ea3",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"file": "src/unix.c"
}
},
{
"digest": {
"function_hash": "25588904898412745021997180017669793625",
"length": 572.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-4ae9c739",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"function": "connUnixAcceptHandler",
"file": "src/unix.c"
}
},
{
"digest": {
"line_hashes": [
"118497525202188729795289243995684389941",
"297139365873333832823096195474994194716",
"130294221691368039320907907956125193330",
"340217816218076505040900373037402792118"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-6e7ba22e",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"file": "src/tls.c"
}
},
{
"digest": {
"line_hashes": [
"194353779569871489190513388971300796330",
"64572138291643432520115137763751579546"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-70ece57b",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"file": "src/anet.h"
}
},
{
"digest": {
"function_hash": "109122372632909548732783756535206333486",
"length": 1234.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-98350588",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"function": "clusterAcceptHandler",
"file": "src/cluster_legacy.c"
}
},
{
"digest": {
"line_hashes": [
"118497525202188729795289243995684389941",
"297139365873333832823096195474994194716",
"130294221691368039320907907956125193330",
"340217816218076505040900373037402792118"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-a16b8fd1",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"file": "src/socket.c"
}
},
{
"digest": {
"function_hash": "206822357457243532625743742369653528667",
"length": 607.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-ad3ce5b7",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"function": "tlsAcceptHandler",
"file": "src/tls.c"
}
},
{
"digest": {
"line_hashes": [
"55515391537997998906568047533448697424",
"297139365873333832823096195474994194716",
"251971537945772704860889030980600989516",
"172545920549424859126988862928798573688"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-b33dbf1c",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"file": "src/cluster_legacy.c"
}
},
{
"digest": {
"function_hash": "327052520633560002766286879125101889945",
"length": 580.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-48367-d68a7061",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
"target": {
"function": "connSocketAcceptHandler",
"file": "src/socket.c"
}
}
]
}