FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-16 12:24:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8b20f21a-8113-11ef-b988-08002784c58dredis,valkey -- Multiple vulnerabilities

Redis core team reports:

CVE-2024-31449
Lua library commands may lead to stack overflow and potential RCE.
CVE-2024-31227
Potential Denial-of-service due to malformed ACL selectors.
CVE-2024-31228
Potential Denial-of-service due to unbounded pattern matching.

Discovery 2024-10-02
Entry 2024-10-02
redis
>= 7.4.0 lt 7.4.1

>= 7.2.0 lt 7.2.6

redis72
>= 7.2.0 lt 7.2.6

redis62
>= 6.2.0 lt 6.2.16

valkey
>= 8,0,0 lt 8.0.1

>= 7.2.0 lt 7.2.7

CVE-2024-31449
CVE-2024-31227
CVE-2024-31228
https://github.com/redis/redis/releases/tag/7.4.1
8706e097-6db7-11ee-8744-080027f5fec9redis -- Possible bypassing Unix socket permissions

Redis core team reports:

The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.


Discovery 2023-10-18
Entry 2023-10-18
redis
< 7.2.2

redis-devel
< 7.2.2.20231018

redis70
< 7.0.14

redis62
< 6.2.14

CVE-2023-45145
https://groups.google.com/g/redis-db/c/r81pHa-dcI8