Security Bulletin: Due to the use of go-redis, IBM watsonx.ai on Cloud Pak for Data is vulnerable to out of order response during time-outs

Summary IBM watsonx.ai on Cloud Pak for Data internally uses go-redis CVE-2025-29923 Vulnerability Details CVEID:CVE-2025-29923 DESCRIPTION: go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order...

Linux Distros Unpatched Vulnerability : CVE-2025-29923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when...

Unexpected Status Code Or Return Value

go-redis is vulnerable to Unexpected Status Code or Return Value. The vulnerability is due to improper request handling due to timeouts in the CLIENT SETINFO command during connection establishment, leading to incorrect command responses and potential data inconsistency...

GHSA-92CP-5422-2MW7 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

Impact The issue only occurs when the CLIENT SETINFO command times out during connection establishment. The following circumstances can cause such a timeout: 1. The client is configured to transmit its identity. This can be disabled via the DisableIndentity flag. 2. There are network connectivity...