Source: valkey Version: 8.1.1+dfsg1-2 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com/valkey-io/valkey/pull/2315 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for valkey. CVE-2025-48367[0]: | Redis is an open source, in-memory database that persists on disk. | An unauthenticated connection can cause repeated IP protocol errors, | leading to client starvation and, ultimately, a denial of service. | This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-48367 https://www.cve.org/CVERecord?id=CVE-2025-48367 [1] https://github.com/valkey-io/valkey/pull/2315 [2] https://github.com/valkey-io/valkey/commit/cb10d9d78f35945b667e46967b3980e89954d73b Regards, Salvatore
