{"id":"CVE-2025-48367","summary":"Redis DoS Vulnerability due to bad connection error handling","details":"Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.","aliases":["BIT-keydb-2025-48367","BIT-redis-2025-48367","BIT-valkey-2025-48367","GHSA-4q32-c38c-pwgq"],"modified":"2026-03-20T12:43:48.824359Z","published":"2025-07-07T15:25:47.690Z","related":["ALSA-2025:11401","ALSA-2025:12006","ALSA-2025:12008","CGA-rw99-53w6-fp3f","MGASA-2025-0211","SUSE-SU-2025:02579-1","SUSE-SU-2025:02593-1","SUSE-SU-2025:02594-1","SUSE-SU-2025:02679-1","SUSE-SU-2025:02680-1","SUSE-SU-2025:02681-1","SUSE-SU-2025:03073-1","openSUSE-SU-2025:15318-1","openSUSE-SU-2025:15359-1"],"database_specific":{"cwe_ids":["CWE-770"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48367.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/6.2.19"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/7.2.10"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/7.4.5"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/8.0.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48367.json"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48367"},{"type":"FIX","url":"https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"e91a340e241cf0abe3c6a0c254214fbe4aa1d95f"},{"fixed":"b49d5c0cf4e96a277d4b4e98f61d10c792b37003"}],"database_specific":{"versions":[{"introduced":"8.0.0"},{"fixed":"8.0.3"}]}},{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"4606f91d5e31f69e8dadcf4125f386da6f942673"},{"fixed":"7e0f53393290f7c1f35596117b67748efad16580"}],"database_specific":{"versions":[{"introduced":"7.4-rc1"},{"fixed":"7.4.5"}]}},{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc"},{"fixed":"5a752e19782b9f8f80c7ef85e21cb47647954f09"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"fixed":"7.2.10"}]}},{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"0"},{"fixed":"fa00bd2fff1533ad6e8483d9ce8868f383df2fbb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.2.19"}]}}],"versions":["1.3.6","2.2-alpha0","2.2-alpha1","2.2-alpha2","2.2-alpha3","2.2-alpha4","2.2-alpha5","2.2-alpha6","2.2.0-rc1","2.3-alpha0","3.0-alpha0","6.2-rc1","6.2-rc2","6.2-rc3","6.2.0","6.2.1","6.2.10","6.2.11","6.2.12","6.2.13","6.2.14","6.2.15","6.2.16","6.2.17","6.2.18","6.2.2","6.2.3","6.2.4","6.2.5","6.2.6","6.2.7","6.2.8","6.2.9","7.4-rc1","7.4-rc2","7.4.0","7.4.1","7.4.2","7.4.3","7.4.4","8.0.0","8.0.1","8.0.1-int","8.0.2","v1.3.10","v1.3.11","v1.3.12","v1.3.7","v1.3.8","v1.3.9","v2.0.0-rc1","v2.1.1-watch","vm-playpen","with-deprecated-diskstore"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48367.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}