| Package | redis |
|---|---|
| Version | 2:2.8.17-1+deb8u15 (jessie), 3:3.2.6-3+deb9u15 (stretch), 5:5.0.14-1+deb10u8 (buster) |
| Related CVEs | CVE-2025-21605 |
Unlimited output buffer for unauthenticated clients has been fixed in the key–value database Redis.
For Debian 10 buster, these problems have been fixed in version 5:5.0.14-1+deb10u8.
For Debian 8 jessie, these problems have been fixed in version 2:2.8.17-1+deb8u15.
For Debian 9 stretch, these problems have been fixed in version 3:3.2.6-3+deb9u15.
We recommend that you upgrade your redis packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.