Vulnerability
KeyDB inherits CVE-2025-21605 from Redis — unauthenticated clients can cause unbounded output buffer growth leading to memory exhaustion (DoS).
Details
The default client-output-buffer-limit for the normal client class is 0 0 0 (no hard limit and no soft limit), so the server never disconnects a normal client whose pending replies keep accumulating. A client that subscribes and never reads from its socket therefore makes server memory grow without bound, and because the limit is not tied to authentication, an unauthenticated client can trigger it as well.
Dynamic verification: in Docker testing, the server's memory use grew from 3.46 MB to 4.66 GB (about 1,346x).
Tested Version
KeyDB latest master (git sha 603ebb27).
Suggested Fix
Ship a non-zero default client-output-buffer-limit for the normal class, so that a client whose replies go unread is disconnected once the hard limit, or the soft limit for soft-seconds, is exceeded. Until the default changes, operators can set the limit in keydb.conf or at runtime with CONFIG SET client-output-buffer-limit, and should restrict network access to the port so that unauthenticated clients cannot connect at all.
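As an added example (not part of this report or of the KeyDB code base), the following Python parses the string that CONFIG GET client-output-buffer-limit returns, flags every client class still left at 0 0 0, and emits the keydb.conf directive for the fix. The two sample strings are constructed, not captured from a live server, and the 256mb 64mb 60 values chosen for the normal class are an assumed starting point rather than a KeyDB or Redis default.

```python
"""Audit client-output-buffer-limit values as returned by CONFIG GET.

Added example, not part of the KeyDB report or code base. The sample
strings below are constructed to mirror the stock default and a hardened
setting; they were not captured from a live server.
"""

# CONFIG GET client-output-buffer-limit returns a single string made of
# "<class> <hard-bytes> <soft-bytes> <soft-seconds>" quadruples.
# Constructed sample: stock default, normal class unlimited (0 0 0).
SAMPLE_DEFAULT = "normal 0 0 0 slave 268435456 67108864 60 pubsub 33554432 8388608 60"

# Constructed sample: the same server after applying the suggested fix.
# The normal-class values are an assumed example, not a KeyDB default.
SAMPLE_HARDENED = ("normal 268435456 67108864 60 slave 268435456 67108864 60 "
                   "pubsub 33554432 8388608 60")


def parse_output_buffer_limits(value: str) -> dict:
    """Parse the CONFIG GET value into {class: {hard, soft, soft_seconds}}.

    hard/soft are in bytes, soft_seconds in seconds, exactly as returned.
    """
    tokens = value.split()
    if not tokens or len(tokens) % 4:
        raise ValueError(f"expected groups of 4 tokens, got {len(tokens)}: {value!r}")
    limits = {}
    for i in range(0, len(tokens), 4):
        cls, hard, soft, secs = tokens[i:i + 4]
        limits[cls] = {"hard": int(hard), "soft": int(soft), "soft_seconds": int(secs)}
    return limits


def unlimited_classes(limits: dict) -> list:
    """Client classes with neither a hard nor a soft limit.

    The server never disconnects such a client, however large its queue of
    pending replies grows, which is the condition behind this report.
    """
    return sorted(c for c, l in limits.items() if l["hard"] == 0 and l["soft"] == 0)


def audit(config_get_value: str) -> list:
    """Return human-readable findings; an empty list means every class is bounded."""
    limits = parse_output_buffer_limits(config_get_value)
    findings = []
    for cls in unlimited_classes(limits):
        findings.append(
            f"{cls}: client-output-buffer-limit is 0 0 0 (unlimited); a {cls} client "
            "that never reads its replies can exhaust server memory")
    return findings


def hardening_directive(hard: str = "256mb", soft: str = "64mb", soft_seconds: int = 60) -> str:
    """Directive for keydb.conf (the same text, minus the key, is the CONFIG SET value).

    The default arguments are an assumed starting point; size them for the
    largest legitimate reply burst your normal clients produce.
    """
    return f"client-output-buffer-limit normal {hard} {soft} {soft_seconds}"


if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(f"[{label}] findings: {audit(sample) or 'none'}")
    print("fix:", hardening_directive())
```

To check a running instance, feed the output of redis-cli CONFIG GET client-output-buffer-limit (the value element) to audit(); a non-empty result for the normal class means the report's condition is present. The directive can be applied without a restart via CONFIG SET client-output-buffer-limit "normal 256mb 64mb 60", then persisted in keydb.conf.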