FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-01 20:12:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6fae2d6c-1f38-11ee-a475-080027f5fec9redis -- heap overflow in COMMAND GETKEYS and ACL evaluation

Redis core team reports:

Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules.


Discovery 2023-07-10
Entry 2023-07-10
redis
< 7.0.12

redis-devel
< 7.0.12.20230710

CVE-2023-36824
https://groups.google.com/g/redis-db/c/JDjKS0GubsQ
https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3
c561ce49-eabc-11eb-9c3f-0800270512f4redis -- Integer overflow issues with BITFIELD command on 32-bit systems

Huang Zhw reports:

On 32-bit versions, Redis BITFIELD command is vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves constructing specially crafted bit commands which overflow the bit offset.

This problem only affects 32-bit versions of Redis.


Discovery 2021-07-04
Entry 2021-07-27
redis
< 6.0.15

redis-devel
< 6.2.5

redis5
< 5.0.13

CVE-2021-32761
https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
9b4806c1-257f-11ec-9db5-0800270512f4redis -- multiple vulnerabilities

The Redis Team reports:

CVE-2021-41099
Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured.
CVE-2021-32762
Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms.
CVE-2021-32687
Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value.
CVE-2021-32675
Denial Of Service when processing RESP request payloads with a large number of elements on many connections.
CVE-2021-32672
Random heap reading issue with Lua Debugger.
CVE-2021-32628
Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value.
CVE-2021-32627
Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit.
CVE-2021-32626
Specially crafted Lua scripts may result with Heap buffer overflow.

Discovery 2021-10-04
Entry 2021-10-05
redis-devel
< 7.0.0.20211005

redis
< 6.2.6

redis6
< 6.0.16

redis5
< 5.0.14

CVE-2021-41099
CVE-2021-32762
CVE-2021-32687
CVE-2021-32675
CVE-2021-32672
CVE-2021-32628
CVE-2021-32627
CVE-2021-32626
https://groups.google.com/g/redis-db/c/GS_9L2KCk9g
8706e097-6db7-11ee-8744-080027f5fec9redis -- Possible bypassing Unix socket permissions

Redis core team reports:

The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.


Discovery 2023-10-18
Entry 2023-10-18
redis
< 7.2.2

redis-devel
< 7.2.2.20231018

redis70
< 7.0.14

redis62
< 6.2.14

CVE-2023-45145
https://groups.google.com/g/redis-db/c/r81pHa-dcI8
cc42db1c-c65f-11ec-ad96-0800270512f4redis -- Multiple vulnerabilities

Aviv Yahav reports:

CVE-2022-24735
By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user.
CVE-2022-24736
An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process.

Discovery 2022-04-27
Entry 2022-04-27
redis
< 6.2.7

redis-devel
< 7.0.0.20220428

redis62
< 6.2.7

CVE-2022-24735
CVE-2022-24736
https://groups.google.com/g/redis-db/c/7iWUlwtoDqU
5fa68bd9-95d9-11ed-811a-080027f5fec9redis -- multiple vulnerabilities

The Redis core team reports:

CVE-2022-35977
Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic.
CVE-2023-22458
Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service.

Discovery 2023-01-16
Entry 2023-01-16
redis
< 7.0.8

redis-devel
< 7.0.8.20230116

redis62
< 6.2.9

redis6
< 6.0.17

CVE-2022-35977
CVE-2023-22458
https://github.com/redis/redis/releases/tag/7.0.8
0e254b4a-1f37-11ee-a475-080027f5fec9redis -- Heap overflow in the cjson and cmsgpack libraries

Redis core team reports:

A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution.


Discovery 2023-07-10
Entry 2023-07-10
redis
< 7.0.12

redis-devel
< 7.0.12.20230710

redis62
< 6.2.13

redis60
< 6.0.20

CVE-2022-24834
https://groups.google.com/g/redis-db/c/JDjKS0GubsQ
b17bce48-b7c6-11ed-b304-080027f5fec9redis -- multiple vulnerabilities

The Redis core team reports:

CVE-2023-25155
Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.
CVE-2022-36021
String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.

Discovery 2023-02-28
Entry 2023-03-01
redis
< 7.0.9

redis-devel
< 7.0.9.20230228

redis62
< 6.2.11

redis6
< 6.0.18

CVE-2023-25155
CVE-2022-36021
https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI
a60cc0e4-c7aa-11ed-8a4b-080027f5fec9redis -- specially crafted MSETNX command can lead to denial-of-service

Yupeng Yang reports:

Authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process.


Discovery 2023-03-20
Entry 2023-03-21
redis
< 7.0.10

redis-devel
< 7.0.10.20230320

CVE-2023-28425
https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c
96b2d4db-ddd2-11ed-b6ea-080027f5fec9redis -- HINCRBYFLOAT can be used to crash a redis-server process

Redis core team reports:

Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that may later crash Redis on access.


Discovery 2023-04-17
Entry 2023-05-08
redis
< 7.0.11

redis62
< 6.2.12

redis6
< 6.0.19

CVE-2023-28856
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
0e38b8f8-75dd-11eb-83f2-8c164567ca3credis -- Integer overflow on 32-bit systems

Redis Development team reports:

Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption.


Discovery 2021-02-22
Entry 2021-02-23
redis-devel
< 6.2.0

redis
< 6.0.11

redis5
< 5.0.11

CVE-2021-21309
fa175f30-8c75-11e6-924a-60a44ce6887bredis -- sensitive information leak through command history file

Redis team reports:

The redis-cli history file (in linenoise) is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users.


Discovery 2013-11-30
Entry 2016-10-11
redis
redis-devel
< 3.2.3

https://github.com/antirez/redis/pull/1418
https://github.com/antirez/redis/issues/3284
CVE-2013-7458
91be81e7-3fea-11e1-afc7-2c4138874f7dMultiple implementations -- DoS via hash algorithm collision

oCERT reports:

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.

The issue finds particular exposure in web server applications and/or frameworks. In particular, the lack of sufficient limits for the number of parameters in POST requests in conjunction with the predictable collision properties in the hashing functions of the underlying languages can render web applications vulnerable to the DoS condition. The attacker, using specially crafted HTTP requests, can lead to a 100% of CPU usage which can last up to several hours depending on the targeted application and server performance, the amplification effect is considerable and requires little bandwidth and time on the attacker side.

The condition for predictable collisions in the hashing functions has been reported for the following language implementations: Java, JRuby, PHP, Python, Rubinius, Ruby. In the case of the Ruby language, the 1.9.x branch is not affected by the predictable collision condition since this version includes a randomization of the hashing function.

The vulnerability outlined in this advisory is practically identical to the one reported in 2003 and described in the paper Denial of Service via Algorithmic Complexity Attacks which affected the Perl language.


Discovery 2011-12-28
Entry 2012-01-16
Modified 2012-01-20
jruby
< 1.6.5.1

ruby
ruby+nopthreads
ruby+nopthreads+oniguruma
ruby+oniguruma
< 1.8.7.357,1

rubygem-rack
< 1.3.6,3

v8
< 3.8.5

redis
le 2.4.6

node
< 0.6.7

CVE-2011-4838
CVE-2011-4815
CVE-2011-5036
CVE-2011-5037
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.nruns.com/_downloads/advisory28122011.pdf