FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-24 11:27:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c561ce49-eabc-11eb-9c3f-0800270512f4	redis -- Integer overflow issues with BITFIELD command on 32-bit systems Huang Zhw reports: On 32-bit versions, Redis BITFIELD command is vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves constructing specially crafted bit commands which overflow the bit offset. This problem only affects 32-bit versions of Redis. Discovery 2021-07-04 Entry 2021-07-27 redis < 6.0.15 redis-devel < 6.2.5 redis5 < 5.0.13 CVE-2021-32761 https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
9b4806c1-257f-11ec-9db5-0800270512f4	redis -- multiple vulnerabilities The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms. CVE-2021-32687 Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value. CVE-2021-32675 Denial Of Service when processing RESP request payloads with a large number of elements on many connections. CVE-2021-32672 Random heap reading issue with Lua Debugger. CVE-2021-32628 Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value. CVE-2021-32627 Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit. CVE-2021-32626 Specially crafted Lua scripts may result with Heap buffer overflow. Discovery 2021-10-04 Entry 2021-10-05 redis-devel < 7.0.0.20211005 redis < 6.2.6 redis6 < 6.0.16 redis5 < 5.0.14 CVE-2021-41099 CVE-2021-32762 CVE-2021-32687 CVE-2021-32675 CVE-2021-32672 CVE-2021-32628 CVE-2021-32627 CVE-2021-32626 https://groups.google.com/g/redis-db/c/GS_9L2KCk9g

VuXML ID

Description

c561ce49-eabc-11eb-9c3f-0800270512f4

redis -- Integer overflow issues with BITFIELD command on 32-bit systems

Huang Zhw reports:

On 32-bit versions, Redis BITFIELD command is vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves constructing specially crafted bit commands which overflow the bit offset.

This problem only affects 32-bit versions of Redis.

Discovery 2021-07-04
Entry 2021-07-27
redis

< 6.0.15

redis-devel

< 6.2.5

redis5

< 5.0.13

CVE-2021-32761
https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj

9b4806c1-257f-11ec-9db5-0800270512f4

redis -- multiple vulnerabilities

The Redis Team reports:

CVE-2021-41099

Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured.

CVE-2021-32762

Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms.

CVE-2021-32687

Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value.

CVE-2021-32675

Denial Of Service when processing RESP request payloads with a large number of elements on many connections.

CVE-2021-32672

Random heap reading issue with Lua Debugger.

CVE-2021-32628

Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value.

CVE-2021-32627

Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit.

CVE-2021-32626

Specially crafted Lua scripts may result with Heap buffer overflow.

Discovery 2021-10-04
Entry 2021-10-05
redis-devel

< 7.0.0.20211005

redis

< 6.2.6

redis6

< 6.0.16

redis5

< 5.0.14

CVE-2021-41099
CVE-2021-32762
CVE-2021-32687
CVE-2021-32675
CVE-2021-32672
CVE-2021-32628
CVE-2021-32627
CVE-2021-32626
https://groups.google.com/g/redis-db/c/GS_9L2KCk9g