FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- multiple vulnerabilities

Affected packages
redis < 7.0.8
redis-devel < 7.0.8.20230116
redis62 < 6.2.9
redis6 < 6.0.17

Details

VuXML ID 5fa68bd9-95d9-11ed-811a-080027f5fec9
Discovery 2023-01-16
Entry 2023-01-16

The Redis core team reports:

CVE-2022-35977
Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic.
CVE-2023-22458
Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service.
[source]

References

CVE Name CVE-2022-35977
CVE Name CVE-2023-22458
URL https://github.com/redis/redis/releases/tag/7.0.8

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.