diff options
author | Yasuhiro Kimura <yasu@FreeBSD.org> | 2023-05-08 01:52:03 +0000 |
---|---|---|
committer | Yasuhiro Kimura <yasu@FreeBSD.org> | 2023-05-08 06:22:36 +0000 |
commit | c8fcc63673a321430c6b8df1f060f075d61bd4e9 (patch) | |
tree | 18cf5258fea495431ef10575e0cd444d26a201fd | |
parent | 205e246ff97b23559868c103055e7451b1a366b3 (diff) | |
download | ports-c8fcc63673a321430c6b8df1f060f075d61bd4e9.tar.gz ports-c8fcc63673a321430c6b8df1f060f075d61bd4e9.zip |
security/vuxml: Document crash on access vulnerability in redis
-rw-r--r-- | security/vuxml/vuln/2023.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index d918bee90d58..5299ac88e020 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,41 @@ + <vuln vid="96b2d4db-ddd2-11ed-b6ea-080027f5fec9"> + <topic>redis -- HINCRBYFLOAT can be used to crash a redis-server process</topic> + <affects> + <package> + <name>redis</name> + <range><lt>7.0.11</lt></range> + </package> + <package> + <name>redis62</name> + <range><lt>6.2.12</lt></range> + </package> + <package> + <name>redis6</name> + <range><lt>6.0.19</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Redis core team reports:</p> + <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6"> + <p> + Authenticated users can use the HINCRBYFLOAT command to + create an invalid hash field that may later crash Redis on + access. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-28856</cvename> + <url>https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6</url> + </references> + <dates> + <discovery>2023-04-17</discovery> + <entry>2023-05-08</entry> + </dates> + </vuln> + <vuln vid="89fdbd85-ebd2-11ed-9c88-001b217b3468"> <topic>Gitlab -- Multiple Vulnerabilities</topic> <affects> |