{"id":"CVE-2025-48367","summary":"Redis DoS Vulnerability due to bad connection error handling","details":"Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.","aliases":["BIT-keydb-2025-48367","BIT-redis-2025-48367","BIT-valkey-2025-48367","GHSA-4q32-c38c-pwgq"],"modified":"2026-06-18T18:09:06.780692Z","published":"2025-07-07T15:25:47.690Z","related":["ALSA-2025:11401","ALSA-2025:12006","ALSA-2025:12008","CGA-rw99-53w6-fp3f","SUSE-SU-2025:02579-1","SUSE-SU-2025:02593-1","SUSE-SU-2025:02594-1","SUSE-SU-2025:02679-1","SUSE-SU-2025:02680-1","SUSE-SU-2025:02681-1","SUSE-SU-2025:03073-1","openSUSE-SU-2025:15318-1","openSUSE-SU-2025:15359-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48367.json","cwe_ids":["CWE-770"]},"references":[{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/6.2.19"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/7.2.10"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/7.4.5"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/8.0.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48367.json"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48367"},{"type":"FIX","url":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"0"},{"fixed":"fa00bd2fff1533ad6e8483d9ce8868f383df2fbb"},{"introduced":"d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc"},{"fixed":"5a752e19782b9f8f80c7ef85e21cb47647954f09"},{"introduced":"c9d29f6a918c335bc1778d9f68e521c1bbb36a0f"},{"fixed":"7e0f53393290f7c1f35596117b67748efad16580"},{"introduced":"e91a340e241cf0abe3c6a0c254214fbe4aa1d95f"},{"fixed":"b49d5c0cf4e96a277d4b4e98f61d10c792b37003"},{"fixed":"bde62951accfc4bb0a516276fd0b4b307e140ce2"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"6.2.19"},{"introduced":"7.0"},{"fixed":"7.2.10"},{"introduced":"7.4.0"},{"fixed":"7.4.5"},{"introduced":"8.0.0"},{"fixed":"8.0.3"}],"cpe":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"]}}],"versions":["7.2.9","6.2.18","7.4.4","8.0.2","8.0.1","7.2.8","7.4.3","8.0.1-int","8.0.0","7.4.2","7.2.7","6.2.17","7.2.6","7.4.1","6.2.16","6.2.15","6.2.14","7.4.0","7.2.5","7.2.4","7.2.3","7.2.2","7.2.1","6.2.13","7.2.0","7.2-rc3","7.2-rc2","6.2.12","7.2-rc1","6.2.11","6.2.10","6.2.9","6.2.8","6.2.7","6.2.6","6.2.5","6.2.4","6.2.3","6.2.2","6.2.1","6.2.0","6.2-rc3","6.2-rc2","6.2-rc1","2.3-alpha0","2.2.0-rc1","2.2-alpha6","2.2-alpha5","2.2-alpha4","2.2-alpha3","2.2-alpha2","2.2-alpha1","2.2-alpha0","v2.0.0-rc1","v2.1.1-watch","v1.3.11","v1.3.10","v1.3.9","v1.3.8","v1.3.7","1.3.6","vm-playpen"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"CVE-2025-48367-397c9ea3","target":{"file":"src/unix.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["98936157602691914216690546985369772120","183733293261192172797368521731562795598","172020968814055321842044683497390447458","340217816218076505040900373037402792118"]},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"},{"signature_type":"Function","deprecated":false,"id":"CVE-2025-48367-4ae9c739","target":{"function":"connUnixAcceptHandler","file":"src/unix.c"},"signature_version":"v1","digest":{"function_hash":"25588904898412745021997180017669793625","length":572},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"},{"signature_type":"Line","deprecated":false,"id":"CVE-2025-48367-6e7ba22e","target":{"file":"src/tls.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["118497525202188729795289243995684389941","297139365873333832823096195474994194716","130294221691368039320907907956125193330","340217816218076505040900373037402792118"]},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"},{"signature_type":"Line","deprecated":false,"id":"CVE-2025-48367-70ece57b","target":{"file":"src/anet.h"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["194353779569871489190513388971300796330","64572138291643432520115137763751579546"]},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"},{"signature_type":"Function","deprecated":false,"id":"CVE-2025-48367-98350588","target":{"function":"clusterAcceptHandler","file":"src/cluster_legacy.c"},"signature_version":"v1","digest":{"function_hash":"109122372632909548732783756535206333486","length":1234},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"},{"signature_type":"Line","deprecated":false,"id":"CVE-2025-48367-a16b8fd1","target":{"file":"src/socket.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["118497525202188729795289243995684389941","297139365873333832823096195474994194716","130294221691368039320907907956125193330","340217816218076505040900373037402792118"]},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"},{"signature_type":"Function","deprecated":false,"id":"CVE-2025-48367-ad3ce5b7","target":{"function":"tlsAcceptHandler","file":"src/tls.c"},"signature_version":"v1","digest":{"function_hash":"206822357457243532625743742369653528667","length":607},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"},{"signature_type":"Line","deprecated":false,"id":"CVE-2025-48367-b33dbf1c","target":{"file":"src/cluster_legacy.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["55515391537997998906568047533448697424","297139365873333832823096195474994194716","251971537945772704860889030980600989516","172545920549424859126988862928798573688"]},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"},{"signature_type":"Function","deprecated":false,"id":"CVE-2025-48367-d68a7061","target":{"function":"connSocketAcceptHandler","file":"src/socket.c"},"signature_version":"v1","digest":{"function_hash":"327052520633560002766286879125101889945","length":580},"source":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"}],"vanir_signatures_modified":"2026-06-18T18:09:06Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48367.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}