FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 06:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5fa68bd9-95d9-11ed-811a-080027f5fec9	redis -- multiple vulnerabilities The Redis core team reports: CVE-2022-35977 Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic. CVE-2023-22458 Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service. Discovery 2023-01-16 Entry 2023-01-16 redis < 7.0.8 redis-devel < 7.0.8.20230116 redis62 < 6.2.9 redis6 < 6.0.17 CVE-2022-35977 CVE-2023-22458 https://github.com/redis/redis/releases/tag/7.0.8
cc42db1c-c65f-11ec-ad96-0800270512f4	redis -- Multiple vulnerabilities Aviv Yahav reports: CVE-2022-24735 By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. CVE-2022-24736 An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. Discovery 2022-04-27 Entry 2022-04-27 redis < 6.2.7 redis-devel < 7.0.0.20220428 redis62 < 6.2.7 CVE-2022-24735 CVE-2022-24736 https://groups.google.com/g/redis-db/c/7iWUlwtoDqU

VuXML ID

Description

5fa68bd9-95d9-11ed-811a-080027f5fec9

redis -- multiple vulnerabilities

The Redis core team reports:

CVE-2022-35977

Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic.

CVE-2023-22458

Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service.

Discovery 2023-01-16
Entry 2023-01-16
redis

< 7.0.8

redis-devel

< 7.0.8.20230116

redis62

< 6.2.9

redis6

< 6.0.17

CVE-2022-35977
CVE-2023-22458
https://github.com/redis/redis/releases/tag/7.0.8

cc42db1c-c65f-11ec-ad96-0800270512f4

redis -- Multiple vulnerabilities

Aviv Yahav reports:

CVE-2022-24735

By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user.

CVE-2022-24736

An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process.

Discovery 2022-04-27
Entry 2022-04-27
redis

< 6.2.7

redis-devel

< 7.0.0.20220428

redis62

< 6.2.7

CVE-2022-24735
CVE-2022-24736
https://groups.google.com/g/redis-db/c/7iWUlwtoDqU