diff --git a/content/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-127.md b/content/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-127.md index 9106fd8474..3d48db6df5 100644 --- a/content/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-127.md +++ b/content/operate/rs/release-notes/rs-6-4-2-releases/rs-6-4-2-127.md @@ -98,6 +98,8 @@ Redis Enterprise 6.4.2-127 supports open source Redis 6.2 and 6.0. Below is the Redis 6.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. diff --git a/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-130.md b/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-130.md index 2b30d4d655..52f4d7630b 100644 --- a/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-130.md +++ b/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-130.md 
@@ -104,6 +104,8 @@ Redis Enterprise 7.2.4-130 supports open source Redis 7.2, 6.2, and 6.0. Below i Redis 7.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. @@ -150,6 +152,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. diff --git a/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-132.md b/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-132.md index c86964bd1b..3bef6e19f5 100644 --- a/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-132.md +++ b/content/operate/rs/release-notes/rs-7-2-4-releases/rs-7-2-4-132.md 
@@ -100,6 +100,8 @@ Redis Enterprise 7.2.4-132 supports open source Redis 7.2, 6.2, and 6.0. Below i Redis 7.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. @@ -146,6 +148,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. diff --git a/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-216.md b/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-216.md index 40dd1bdaa2..a0a8557ffb 100644 --- a/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-216.md +++ b/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-216.md 
@@ -171,10 +171,14 @@ Redis Enterprise Software 7.22.0-216 supports open source Redis 7.4, 7.2, and 6. Redis 7.4.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. Redis 7.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. @@ -221,6 +225,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. diff --git a/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-95.md b/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-95.md index b0b0ef5f67..084b7e2dec 100644 --- a/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-95.md +++ b/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-0-95.md 
@@ -324,10 +324,14 @@ Redis Enterprise Software 7.22.0-95 supports open source Redis 7.4, 7.2, and 6.2 Redis 7.4.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. Redis 7.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. @@ -374,6 +378,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. diff --git a/content/operate/rs/release-notes/rs-7-4-2-releases/rs-7-4-6-268.md b/content/operate/rs/release-notes/rs-7-4-2-releases/rs-7-4-6-268.md index 9f7241ca82..2925fd8ded 100644 --- a/content/operate/rs/release-notes/rs-7-4-2-releases/rs-7-4-6-268.md +++ b/content/operate/rs/release-notes/rs-7-4-2-releases/rs-7-4-6-268.md 
@@ -216,6 +216,8 @@ Redis Enterprise 7.4.6-268 supports open source Redis 7.2, 6.2, and 6.0. Below i Redis 7.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. @@ -262,6 +264,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-119.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-119.md index c15fb25c28..0b240671b7 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-119.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-119.md 
@@ -141,10 +141,14 @@ Redis Software 7.8.6-119 supports open source Redis 7.4, 7.2, and 6.2. Below is Redis 7.4.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. Redis 7.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. @@ -191,6 +195,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-95.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-95.md index d8b4f85bc3..76bf95ca32 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-95.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-6-95.md 
@@ -151,10 +151,14 @@ Redis Software 7.8.6-95 supports open source Redis 7.4, 7.2, and 6.2. Below is t Redis 7.4.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. Redis 7.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. @@ -201,6 +205,8 @@ Redis 7.0.x: Redis 6.2.x: +- (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. + - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. - (CVE-2024-31449) An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution.
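Review bot: In rs-6-4-2-127.md the only hunk adds the CVE-2025-32023 entry under "Redis 6.2.x:", while the hunk header context says this release "supports open source Redis 6.2 and 6.0". If the file also carries a Redis 6.0.x list, either add the entry there or say in the commit message that 6.0.x is deliberately left out. Otherwise readers on that line may read the omission as "not affected".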
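Review bot: The Redis 7.0.x list is skipped in every file from rs-7-2-4-130.md onward. In each of those seven files the second hunk has "Redis 7.0.x:" as its header context, so a 7.0.x section sits directly above the "Redis 6.2.x:" list being edited, yet no hunk touches it. Please confirm whether CVE-2025-32023 belongs in the 7.0.x lists as well. If the omission is intentional, a sentence in the commit message explaining why would keep the 7.4.x, 7.2.x and 6.2.x entries from looking like an incomplete backfill.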
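Review bot: Style point on the first hunk of rs-7-22-0-216.md, rs-7-22-0-95.md, rs-7-8-6-119.md and rs-7-8-6-95.md, where the new line is added twice (under "Redis 7.4.x:" and "Redis 7.2.x:"). The added text says "which can lead to remote code execution", while the CVE-2024-31449 entry in the same hunk says "which may potentially lead to remote code execution". Pick one phrasing for the impact clause, or confirm the stronger wording is intended for this CVE. "stack/heap out-of-bounds write" would also read more clearly as "stack or heap out-of-bounds write". The same text is repeated in every other hunk of the patch, so a wording change should be applied to all copies together.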