FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
96b2d4db-ddd2-11ed-b6ea-080027f5fec9redis -- HINCRBYFLOAT can be used to crash a redis-server process

Redis core team reports:

Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that may later crash Redis on access.


Discovery 2023-04-17
Entry 2023-05-08
redis
< 7.0.11

redis62
< 6.2.12

redis6
< 6.0.19

CVE-2023-28856
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
b17bce48-b7c6-11ed-b304-080027f5fec9redis -- multiple vulnerabilities

The Redis core team reports:

CVE-2023-25155
Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.
CVE-2022-36021
String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.

Discovery 2023-02-28
Entry 2023-03-01
redis
< 7.0.9

redis-devel
< 7.0.9.20230228

redis62
< 6.2.11

redis6
< 6.0.18

CVE-2023-25155
CVE-2022-36021
https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI
5fa68bd9-95d9-11ed-811a-080027f5fec9redis -- multiple vulnerabilities

The Redis core team reports:

CVE-2022-35977
Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic.
CVE-2023-22458
Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service.

Discovery 2023-01-16
Entry 2023-01-16
redis
< 7.0.8

redis-devel
< 7.0.8.20230116

redis62
< 6.2.9

redis6
< 6.0.17

CVE-2022-35977
CVE-2023-22458
https://github.com/redis/redis/releases/tag/7.0.8