FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-03 16:31:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
17e85cae-a115-11f0-9446-f02f7497ecda	redis,valkey -- Lua Use-After-Free may lead to remote code execution redis reports: An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. Discovery 2025-10-03 Entry 2025-10-04 redis >= 8.2.0 lt 8.2.2 redis80 >= 8.0.0 lt 8.0.4 redis74 >= 7.4.0 lt 7.4.6 redis72 >= 7.2.0 lt 7.2.11 redis62 >= 6.2.0 lt 6.2.20 valkey < 8.1.4 CVE-2025-49844 https://nvd.nist.gov/vuln/detail/CVE-2025-49844

VuXML ID

Description

17e85cae-a115-11f0-9446-f02f7497ecda

redis,valkey -- Lua Use-After-Free may lead to remote code execution

redis reports:

An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

Discovery 2025-10-03
Entry 2025-10-04
redis

>= 8.2.0 lt 8.2.2

redis80

>= 8.0.0 lt 8.0.4

redis74

>= 7.4.0 lt 7.4.6

redis72

>= 7.2.0 lt 7.2.11

redis62

>= 6.2.0 lt 6.2.20

valkey

< 8.1.4

CVE-2025-49844
https://nvd.nist.gov/vuln/detail/CVE-2025-49844