FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
1606b03b-ac57-11eb-9bdd-8c164567ca3c | redis -- multiple vulnerabilities
Redis project reports:
- Vulnerability in the STRALGO LCS command
-
An integer overflow bug in Redis version 6.0 or newer could be
exploited using the STRALGO LCS command to corrupt the heap and
potentially result with remote code execution.
- Vulnerability in the COPY command for large intsets
-
An integer overflow bug in Redis 6.2 could be exploited to corrupt
the heap and potentially result with remote code execution.
The vulnerability involves changing the default set-max-intset-entries
configuration value, creating a large set key that consists of
integer values and using the COPY command to duplicate it.
The integer overflow bug exists in all versions of Redis starting
with 2.6, where it could result with a corrupted RDB or DUMP payload,
but not exploited through COPY (which did not exist before 6.2).
Discovery 2021-05-03 Entry 2021-05-03 redis
ge 6.0.0 lt 6.0.13
redis-devel
ge 6.2.0 lt 6.2.3
CVE-2021-29477
CVE-2021-29478
https://groups.google.com/g/redis-db/c/6GSWzTW0PR8
|