vulnerability
Amazon Linux 2023: CVE-2025-21605: Important priority package update for valkey (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Apr 23, 2025 | Apr 30, 2025 | Jul 4, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Apr 23, 2025
Added
Apr 30, 2025
Modified
Jul 4, 2025
Description
A flaw was found in the Redis server. This flaw allows an unauthenticated client to cause an unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted, and the memory is unavailable.
When password authentication is enabled on the Redis server but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory.
When password authentication is enabled on the Redis server but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory.
Solutions
amazon-linux-2023-upgrade-redis6amazon-linux-2023-upgrade-redis6-debuginfoamazon-linux-2023-upgrade-redis6-debugsourceamazon-linux-2023-upgrade-redis6-develamazon-linux-2023-upgrade-redis6-docamazon-linux-2023-upgrade-valkeyamazon-linux-2023-upgrade-valkey-debuginfoamazon-linux-2023-upgrade-valkey-debugsourceamazon-linux-2023-upgrade-valkey-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.