FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- Potential remote code execution vulnerability

Affected packages
7.0.0 <= redis < 7.0.4

Details

VuXML ID 871d93f9-06aa-11ed-8d5f-080027f5fec9
Discovery 2022-07-18
Entry 2022-07-18

The Redis core team reports:

A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution.

[source]

References

CVE Name CVE-2022-31144
URL https://groups.google.com/g/redis-db/c/FWngtg3WpfA

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.