vulnerability

Red Hat: CVE-2025-21605: redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client (Multiple Advisories)

Name: Red Hat: CVE-2025-21605: redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client (Multiple Advisories)
Creator: Red Hat
Published: 2025-04-23T00:00:00.000Z
Keywords: CVE, CWE-770, Red Hat, 2025, 21605, redis, redhat-upgrade-redis, redhat-upgrade-redis-debuginfo, redhat-upgrade-redis-debugsource, redhat-upgrade-redis-devel, redhat-upgrade-redis-doc, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Apr 23, 2025

Added

May 8, 2025

Modified

Jun 12, 2026

Description

A flaw was found in the Redis server. This flaw allows an unauthenticated client to cause an unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted, and the memory is unavailable.

When password authentication is enabled on the Redis server but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory.

Solutions

redhat-upgrade-redisredhat-upgrade-redis-debuginforedhat-upgrade-redis-debugsourceredhat-upgrade-redis-develredhat-upgrade-redis-doc

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report