DOC-5156 RS: Add CVE to 7.22 release notes draft

rrelledge · rrelledge · commit cef09d7e69d0 · 2025-04-28T11:20:41.000-05:00
diff --git a/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-28.md b/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-28.md
@@ -317,8 +317,14 @@ Some CVEs announced for open source Redis do not affect Redis Enterprise Softwar
 
 Redis Enterprise Software 7.22.0-28 supports open source Redis 7.4, 7.2, and 6.2. Below is the list of open source Redis CVEs fixed by version.
 
+Redis 7.4.x:
+
+- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service.
+
 Redis 7.2.x:
 
+- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service.
+
 - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution.
 
 - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes.
@@ -363,6 +369,8 @@ Redis 7.0.x:
 
 Redis 6.2.x:
 
+- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service.
+
 - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution.
 
 - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes.
