{"id":"GO-2025-3540","summary":"Potential out of order responses when CLIENT SETINFO times out during connection establishment in github.com/redis/go-redis","details":"Potential out of order responses when CLIENT SETINFO times out during connection establishment in github.com/redis/go-redis","aliases":["CVE-2025-29923","GHSA-92cp-5422-2mw7"],"modified":"2026-02-04T03:06:24.656292Z","published":"2025-03-26T17:24:24Z","related":["CGA-rgfh-76wx-p645"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3540","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/redis/go-redis/security/advisories/GHSA-92cp-5422-2mw7"},{"type":"FIX","url":"https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6"},{"type":"FIX","url":"https://github.com/redis/go-redis/pull/3295"}],"affected":[{"package":{"name":"github.com/redis/go-redis","ecosystem":"Go","purl":"pkg:golang/github.com/redis/go-redis"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9.6.0b1"}]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3540.json"}},{"package":{"name":"github.com/redis/go-redis","ecosystem":"Go","purl":"pkg:golang/github.com/redis/go-redis"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9.6.0b1"}]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3540.json"}},{"package":{"name":"github.com/redis/go-redis","ecosystem":"Go","purl":"pkg:golang/github.com/redis/go-redis"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"symbols":["baseClient.initConn","redis.ClusterOptions","redis.FailoverOptions","redis.RingOptions","redis.UniversalOptions"],"path":"github.com/redis/go-redis/v9"}],"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9.6.0b1"}]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3540.json"}},{"package":{"name":"github.com/redis/go-redis/v7","ecosystem":"Go","purl":"pkg:golang/github.com/redis/go-redis/v7"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3540.json"}},{"package":{"name":"github.com/redis/go-redis/v8","ecosystem":"Go","purl":"pkg:golang/github.com/redis/go-redis/v8"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3540.json"}},{"package":{"name":"github.com/redis/go-redis/v9","ecosystem":"Go","purl":"pkg:golang/github.com/redis/go-redis/v9"},"ranges":[{"type":"SEMVER","events":[{"introduced":"9.5.1"},{"fixed":"9.5.5"}]}],"ecosystem_specific":{"imports":[{"symbols":["baseClient.initConn","redis.ClusterOptions","redis.FailoverOptions","redis.RingOptions","redis.UniversalOptions"],"path":"github.com/redis/go-redis/v9"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3540.json"}},{"package":{"name":"github.com/redis/go-redis/v9","ecosystem":"Go","purl":"pkg:golang/github.com/redis/go-redis/v9"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"9.6.3"}]}],"ecosystem_specific":{"imports":[{"symbols":["baseClient.initConn","redis.ClusterOptions","redis.FailoverOptions","redis.RingOptions","redis.UniversalOptions"],"path":"github.com/redis/go-redis/v9"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3540.json"}},{"package":{"name":"github.com/redis/go-redis/v9","ecosystem":"Go","purl":"pkg:golang/github.com/redis/go-redis/v9"},"ranges":[{"type":"SEMVER","events":[{"introduced":"9.7.0-beta.1"},{"fixed":"9.7.3"}]}],"ecosystem_specific":{"imports":[{"symbols":["baseClient.initConn","redis.ClusterOptions","redis.FailoverOptions","redis.RingOptions","redis.UniversalOptions"],"path":"github.com/redis/go-redis/v9"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3540.json"}}],"schema_version":"1.7.3"}