12 matches found
SUSE-SU-2026:0383-1 Security update for rekor
This update for rekor fixes the following issues: Security fixes: - CVE-2025-58058: Fixed github.com/ulikunitz/xz leaks memory bsc1248910 - CVE-2025-29923: Fixed potential out of order responses when CLIENT SETINFO times out during connection establishment bsc1241153 Other fixes: - Update to...
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
...
SUSE CVE-2025-29923
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...
Unexpected Status Code Or Return Value
go-redis is vulnerable to Unexpected Status Code or Return Value. The vulnerability is due to improper request handling due to timeouts in the CLIENT SETINFO command during connection establishment, leading to incorrect command responses and potential data inconsistency...
GO-2025-3540 Potential out of order responses when CLIENT SETINFO times out during connection establishment in github.com/redis/go-redis
Potential out of order responses when CLIENT SETINFO times out during connection establishment in github.com/redis/go-redis...
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Impact The issue only occurs when the CLIENT SETINFO command times out during connection establishment. The following circumstances can cause such a timeout: 1. The client is configured to transmit its identity. This can be disabled via the DisableIndentity flag. 2. There are network connectivity...
GHSA-92CP-5422-2MW7 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Impact The issue only occurs when the CLIENT SETINFO command times out during connection establishment. The following circumstances can cause such a timeout: 1. The client is configured to transmit its identity. This can be disabled via the DisableIndentity flag. 2. There are network connectivity...
AZL-59156 CVE-2025-29923 affecting package telegraf 1.31.0-15
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...
AZL-59192 CVE-2025-29923 affecting package keda for versions less than 2.14.1-5
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...
UBUNTU-CVE-2025-29923
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...
Unexpected Status Code or Return Value
Overview Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in initConn, which causes out of order responses when CLIENT SETINFO times out while establishing a connection. Workaround This vulnerability can be avoided by setting DisableIndentity to true when...