diff --git a/content/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-121.md b/content/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-121.md index 156400d1ea..4ba5c65e3c 100644 --- a/content/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-121.md +++ b/content/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-121.md @@ -98,6 +98,8 @@ Redis Enterprise 6.4.2-121 supports open source Redis 6.2 and 6.0. Below is the Redis 6.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. diff --git a/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-122.md b/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-122.md index dc7e7da824..b43b2d2e48 100644 --- a/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-122.md +++ b/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-122.md 
@@ -97,6 +97,8 @@ Redis Enterprise 7.2.4-122 supports open source Redis 7.2, 6.2, and 6.0. Below i Redis 7.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. @@ -141,6 +143,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. diff --git a/content/operate/rs/release-notes/rs-7-4-2-releases/rs-7-4-6-232.md b/content/operate/rs/release-notes/rs-7-4-2-releases/rs-7-4-6-232.md index 221aca3854..6825090125 100644 --- a/content/operate/rs/release-notes/rs-7-4-2-releases/rs-7-4-6-232.md +++ b/content/operate/rs/release-notes/rs-7-4-2-releases/rs-7-4-6-232.md 
@@ -219,6 +219,8 @@ Redis Enterprise 7.4.6-232 supports open source Redis 7.2, 6.2, and 6.0. Below i Redis 7.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. @@ -263,6 +265,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-4-95.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-4-95.md index 473599c4b0..cab8a0f325 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-4-95.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-4-95.md 
@@ -143,8 +143,14 @@ Some CVEs announced for open source Redis do not affect Redis Software due to di Redis Software 7.8.4-95 supports open source Redis 7.4, 7.2, and 6.2. Below is the list of open source Redis CVEs fixed by version. +Redis 7.4.x: + +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + Redis 7.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. @@ -189,6 +195,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. 
diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-13.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-13.md index 93e40a56f9..613a902255 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-13.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-13.md @@ -186,8 +186,14 @@ Some CVEs announced for open source Redis do not affect Redis Software due to di Redis Software 7.8.6-13 supports open source Redis 7.4, 7.2, and 6.2. Below is the list of open source Redis CVEs fixed by version. +Redis 7.4.x: + +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + Redis 7.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. 
@@ -232,6 +238,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-36.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-36.md index 3dea4f156b..273169b759 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-36.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-36.md 
@@ -135,8 +135,14 @@ Some CVEs announced for open source Redis do not affect Redis Software due to di Redis Software 7.8.6-36 supports open source Redis 7.4, 7.2, and 6.2. Below is the list of open source Redis CVEs fixed by version. +Redis 7.4.x: + +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + Redis 7.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes. @@ -181,6 +187,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. + - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. - (CVE-2024-31228) An authenticated user can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST`, and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crashes.
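Review bot: in the rs-6-4-2-121 hunk the CVE-2025-21605 entry is added under "Redis 6.2.x:" only, while the context line states this release "supports open source Redis 6.2 and 6.0"; if the file also carries a "Redis 6.0.x:" section, confirm whether the 6.0 line received a fix for this CVE and either add the same entry there or note that the omission is deliberate, since the description ("An unauthenticated client can cause unlimited growth of output buffers ...") carries no version qualifier and a reader will otherwise take the missing entry as "6.0 unaffected".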
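Review bot: in the rs-7-2-4-122 and rs-7-4-6-232 files the second hunk of each (headers "@@ -141,6 +143,8 @@ Redis 7.0.x:" and "@@ -263,6 +265,8 @@ Redis 7.0.x:") shows a "Redis 7.0.x:" section sitting directly above the "Redis 6.2.x:" section that receives the entry, yet 7.0.x gets nothing; the support sentence lists "7.2, 6.2, and 6.0" without 7.0, so this is presumably intentional, but the PR description should say so explicitly (or the page should say the 7.0.x section is historical) so the gap is not read as a statement that 7.0 is unaffected.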
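Review bot: in the three rs-7-8-* hunks a new "Redis 7.4.x:" section is created to hold the single CVE-2025-21605 entry, which matches the "supports open source Redis 7.4, 7.2, and 6.2" context line and the descending order of the existing sections; the sentence immediately above in the same context, "Some CVEs announced for open source Redis do not affect Redis Software due to di...", is the place a reader will check first, so please confirm in the PR that this CVE belongs in the "fixed by version" list (the build ships the upstream fix) rather than in the "does not affect" paragraph, and that 7.8.4-95, 7.8.6-13 and 7.8.6-36 are all builds that actually contain it rather than only the newest of the three.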
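Review bot: across the whole patch the identical sentence for CVE-2025-21605 is pasted eleven times into six release-note files, and the existing CVE-2024-31449 and CVE-2024-31228 entries are likewise duplicated verbatim in every file; a future correction to the wording (for example adding the upstream patch release in which the fix landed, which the heading "CVEs fixed by version" promises but none of these entries state) will have to be repeated in every copy, so consider moving each CVE description into a shared Hugo shortcode or data file and referencing it by CVE id from each section.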