FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5fa68bd9-95d9-11ed-811a-080027f5fec9	redis -- multiple vulnerabilities The Redis core team reports: CVE-2022-35977 Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic. CVE-2023-22458 Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service. Discovery 2023-01-16 Entry 2023-01-16 redis < 7.0.8 redis-devel < 7.0.8.20230116 redis62 < 6.2.9 redis6 < 6.0.17 CVE-2022-35977 CVE-2023-22458 https://github.com/redis/redis/releases/tag/7.0.8
9b4806c1-257f-11ec-9db5-0800270512f4	redis -- multiple vulnerabilities The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms. CVE-2021-32687 Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value. CVE-2021-32675 Denial Of Service when processing RESP request payloads with a large number of elements on many connections. CVE-2021-32672 Random heap reading issue with Lua Debugger. CVE-2021-32628 Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value. CVE-2021-32627 Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit. CVE-2021-32626 Specially crafted Lua scripts may result with Heap buffer overflow. Discovery 2021-10-04 Entry 2021-10-05 redis-devel < 7.0.0.20211005 redis < 6.2.6 redis6 < 6.0.16 redis5 < 5.0.14 CVE-2021-41099 CVE-2021-32762 CVE-2021-32687 CVE-2021-32675 CVE-2021-32672 CVE-2021-32628 CVE-2021-32627 CVE-2021-32626 https://groups.google.com/g/redis-db/c/GS_9L2KCk9g

VuXML ID

Description

5fa68bd9-95d9-11ed-811a-080027f5fec9

redis -- multiple vulnerabilities

The Redis core team reports:

CVE-2022-35977

Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic.

CVE-2023-22458

Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service.

Discovery 2023-01-16
Entry 2023-01-16
redis

< 7.0.8

redis-devel

< 7.0.8.20230116

redis62

< 6.2.9

redis6

< 6.0.17

CVE-2022-35977
CVE-2023-22458
https://github.com/redis/redis/releases/tag/7.0.8

9b4806c1-257f-11ec-9db5-0800270512f4

redis -- multiple vulnerabilities

The Redis Team reports:

CVE-2021-41099

Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured.

CVE-2021-32762

Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms.

CVE-2021-32687

Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value.

CVE-2021-32675

Denial Of Service when processing RESP request payloads with a large number of elements on many connections.

CVE-2021-32672

Random heap reading issue with Lua Debugger.

CVE-2021-32628

Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value.

CVE-2021-32627

Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit.

CVE-2021-32626

Specially crafted Lua scripts may result with Heap buffer overflow.

Discovery 2021-10-04
Entry 2021-10-05
redis-devel

< 7.0.0.20211005

redis

< 6.2.6

redis6

< 6.0.16

redis5

< 5.0.14

CVE-2021-41099
CVE-2021-32762
CVE-2021-32687
CVE-2021-32675
CVE-2021-32672
CVE-2021-32628
CVE-2021-32627
CVE-2021-32626
https://groups.google.com/g/redis-db/c/GS_9L2KCk9g