53 matches found
OESA-2025-1474 redis security update
Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An...
Important: Red Hat Security Advisory: redis security update
An update for redis is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
A flaw was found in the Redis server. This flaw allows an unauthenticated client to cause an unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients see client-output-buffer-limit...
Fedora 40 : redis (2025-290b0c6e2b)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-290b0c6e2b advisory. Redis 7.2.8 Released Wed 23 Apr 2025 12:00:00 IST Update urgency: SECURITY: There are security fixes in the release. Security fixes CVE-2025-21605 An...
Amazon Linux 2 : redis (ALASREDIS6-2025-012)
The version of redis installed on the remote host is prior to 6.2.14-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2025-012 advisory. Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An...
Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2025-949)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-949 advisory. Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the serve...
BIT-REDIS-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...
FreeBSD : redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client (af8d043f-20df-11f0-b9c5-000c295725e4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the af8d043f-20df-11f0-b9c5-000c295725e4 advisory. Axel Mierczuk reports: By default, the Redis configuration does not limit the output buffer of normal...
CVE-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...
CVE-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...
CVE-2025-21605
CVE-2025-21605 affects Redis where, in versions starting at 2.6 and before 7.4.3, an unauthenticated client can cause unlimited growth of the output buffer, exhausting memory and potentially crashing the server. The issue occurs because Redis’ default client-output-buffer-limit does not cap norma...
CVE-2020-27174
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...
RUSTSEC-2020-0043 Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory
Affected versions of this crate did not properly check and cap the growth of the outgoing buffer. This allows a remote attacker to take down the process by growing the buffer of their single connection until the process runs out of memory it can allocate and is killed. The flaw was corrected in t...