CVE-2025-48367

Source
https://cve.org/CVERecord?id=CVE-2025-48367
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48367.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-48367
Aliases
Downstream
Related
Published
2025-07-07T15:25:47.690Z
Modified
2026-06-18T18:09:06.780692Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Redis DoS Vulnerability due to bad connection error handling
Details

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-770"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48367.json"
}
References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.2.19"
        },
        {
            "introduced": "7.0"
        },
        {
            "fixed": "7.2.10"
        },
        {
            "introduced": "7.4.0"
        },
        {
            "fixed": "7.4.5"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.0.3"
        }
    ],
    "cpe": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
}

Affected versions

1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
6.*
6.2-rc1
6.2-rc2
6.2-rc3
6.2.0
6.2.1
6.2.10
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.2.16
6.2.17
6.2.18
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
7.*
7.2-rc1
7.2-rc2
7.2-rc3
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
7.2.7
7.2.8
7.2.9
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
8.*
8.0.0
8.0.1
8.0.1-int
8.0.2
v1.*
v1.3.10
v1.3.11
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48367.json"
vanir_signatures_modified
"2026-06-18T18:09:06Z"
vanir_signatures
[
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "file": "src/unix.c"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-397c9ea3",
        "digest": {
            "line_hashes": [
                "98936157602691914216690546985369772120",
                "183733293261192172797368521731562795598",
                "172020968814055321842044683497390447458",
                "340217816218076505040900373037402792118"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "function": "connUnixAcceptHandler",
            "file": "src/unix.c"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-4ae9c739",
        "digest": {
            "function_hash": "25588904898412745021997180017669793625",
            "length": 572.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "file": "src/tls.c"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-6e7ba22e",
        "digest": {
            "line_hashes": [
                "118497525202188729795289243995684389941",
                "297139365873333832823096195474994194716",
                "130294221691368039320907907956125193330",
                "340217816218076505040900373037402792118"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "file": "src/anet.h"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-70ece57b",
        "digest": {
            "line_hashes": [
                "194353779569871489190513388971300796330",
                "64572138291643432520115137763751579546"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "function": "clusterAcceptHandler",
            "file": "src/cluster_legacy.c"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-98350588",
        "digest": {
            "function_hash": "109122372632909548732783756535206333486",
            "length": 1234.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "file": "src/socket.c"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-a16b8fd1",
        "digest": {
            "line_hashes": [
                "118497525202188729795289243995684389941",
                "297139365873333832823096195474994194716",
                "130294221691368039320907907956125193330",
                "340217816218076505040900373037402792118"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "function": "tlsAcceptHandler",
            "file": "src/tls.c"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-ad3ce5b7",
        "digest": {
            "function_hash": "206822357457243532625743742369653528667",
            "length": 607.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "file": "src/cluster_legacy.c"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-b33dbf1c",
        "digest": {
            "line_hashes": [
                "55515391537997998906568047533448697424",
                "297139365873333832823096195474994194716",
                "251971537945772704860889030980600989516",
                "172545920549424859126988862928798573688"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2",
        "target": {
            "function": "connSocketAcceptHandler",
            "file": "src/socket.c"
        },
        "deprecated": false,
        "id": "CVE-2025-48367-d68a7061",
        "digest": {
            "function_hash": "327052520633560002766286879125101889945",
            "length": 580.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]