git: 3c58a32b35b3 - main - security/vuxml: Document potential remote code execution vulnerability in redis
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 22 Sep 2022 07:34:24 UTC
The branch main has been updated by yasu:
URL: https://cgit.FreeBSD.org/ports/commit/?id=3c58a32b35b383978c633ab160e63af7d33cf0ac
commit 3c58a32b35b383978c633ab160e63af7d33cf0ac
Author: Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2022-09-22 05:01:53 +0000
Commit: Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2022-09-22 07:32:04 +0000
security/vuxml: Document potential remote code execution vulnerability in redis
---
security/vuxml/vuln-2022.xml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index a7865cf13168..0f87f6dda2bb 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,35 @@
+ <vuln vid="f1f637d1-39eb-11ed-ab44-080027f5fec9">
+ <topic>redis -- Potential remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>7.0.0</ge><lt>7.0.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Redis core team reports:</p>
+ <blockquote cite="https://github.com/redis/redis/releases/tag/7.0.5">
+ <p>
+ Executing a XAUTOCLAIM command on a stream key in a
+ specific state, with a specially crafted COUNT argument,
+ may cause an integer overflow, a subsequent heap overflow,
+ and potentially lead to remote code execution. The problem
+ affects Redis versions 7.0.0 or newer.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-35951</cvename>
+ <url>https://github.com/redis/redis/releases/tag/7.0.5</url>
+ </references>
+ <dates>
+ <discovery>2022-09-21</discovery>
+ <entry>2022-09-21</entry>
+ </dates>
+ </vuln>
+
<vuln vid="95e6e6ca-3986-11ed-8e0c-6c3be5272acd">
<topic>Grafana -- Privilege escalation</topic>
<affects>