FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-12-01 17:02:04 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5523394e-b889-11f0-9446-f02f7497ecda	redis -- Bug in XACKDEL may lead to stack overflow and potential RCE Google Big Sleep reports: A user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. The problem exists in Redis 8.2 or newer. The code doesn't handle the case where the number of ID's exceeds the STREAMID_STATIC_VECTOR_LEN, and skips a reallocation, which leads to a stack buffer overflow. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command. Discovery 2025-11-03 Entry 2025-11-03 redis >= 8.2.0 lt 8.2.3 CVE-2025-62507

VuXML ID

Description

5523394e-b889-11f0-9446-f02f7497ecda

redis -- Bug in XACKDEL may lead to stack overflow and potential RCE

Google Big Sleep reports:

A user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. The problem exists in Redis 8.2 or newer. The code doesn't handle the case where the number of ID's exceeds the STREAMID_STATIC_VECTOR_LEN, and skips a reallocation, which leads to a stack buffer overflow. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

Discovery 2025-11-03
Entry 2025-11-03
redis

>= 8.2.0 lt 8.2.3

CVE-2025-62507