diff options
| author | Yasuhiro Kimura <yasu@FreeBSD.org> | 2023-03-21 05:47:49 +0000 |
|---|---|---|
| committer | Yasuhiro Kimura <yasu@FreeBSD.org> | 2023-03-21 08:01:05 +0000 |
| commit | 813c162637fcd998bd99215e30e52c5cccd084ba (patch) | |
| tree | 06609fc1780724aed59d3b83aab9472ff74205cf | |
| parent | 1f8461d12c173caf839e1b1e1456bb31798a68d2 (diff) | |
| download | ports-813c162637fcd998bd99215e30e52c5cccd084ba.tar.gz ports-813c162637fcd998bd99215e30e52c5cccd084ba.zip | |
security/vuxml: Document denial-of-serviece vulnerability in redis
| -rw-r--r-- | security/vuxml/vuln/2023.xml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index e1ebe5cdd044..fb52f9cc03fe 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,37 @@ + <vuln vid="a60cc0e4-c7aa-11ed-8a4b-080027f5fec9"> + <topic>redis -- specially crafted MSETNX command can lead to denial-of-service</topic> + <affects> + <package> + <name>redis</name> + <range><lt>7.0.10</lt></range> + </package> + <package> + <name>redis-devel</name> + <range><lt>7.0.10.20230320</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Yupeng Yang reports:</p> + <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"> + <p> + Authenticated users can use the MSETNX command to trigger + a runtime assertion and termination of the Redis server + process. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-28425</cvename> + <url>https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c</url> + </references> + <dates> + <discovery>2023-03-20</discovery> + <entry>2023-03-21</entry> + </dates> + </vuln> + <vuln vid="0d7d104c-c6fb-11ed-8a4b-080027f5fec9"> <topic>curl -- multiple vulnerabilities</topic> <affects> |