FreeBSD Bugzilla – Attachment 226599 Details for Bug 257325: security/vuxml: Document integer overflow vulnerability in redis
[patch] Patch file: security_vuxml.redis.patch (text/plain), 2.07 KB, created by Yasuhiro Kimura on 2021-07-22 07:31:36 UTC
>From 2314d9980d6a35b768bc7517bee0eb1fc7a9a048 Mon Sep 17 00:00:00 2001 >From: Yasuhiro Kimura <yasu@utahime.org> >Date: Thu, 22 Jul 2021 16:27:05 +0900 >Subject: [PATCH] security/vuxml: Document integer overflow vulnerability in > redis > >Document integer overflow vulnerability in redis. >--- > security/vuxml/vuln-2021.xml | 43 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 43 insertions(+) > >diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml >index ab4f57fdbfc2..d2570429e024 100644 >--- a/security/vuxml/vuln-2021.xml >+++ b/security/vuxml/vuln-2021.xml 
>@@ -1,3 +1,46 @@ >+ <vuln vid="c561ce49-eabc-11eb-9c3f-0800270512f4"> >+ <topic>redis -- Integer overflow issues with BITFIELD command on 32-bit systems</topic> >+ <affects> >+ <package> >+ <name>redis</name> >+ <range><lt>6.0.15</lt></range> >+ </package> >+ <package> >+ <name>redis-devel</name> >+ <range><lt>6.2.5</lt></range> >+ </package> >+ <package> >+ <name>redis5</name> >+ <range><lt>5.0.13</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Huang Zhw reports:</p> >+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"> >+ <p> >+ On 32-bit versions, Redis BITFIELD command is vulnerable to integer >+ overflow that can potentially be exploited to corrupt the heap, >+ leak arbitrary heap contents or trigger remote code execution. >+ The vulnerability involves constructing specially crafted bit >+ commands which overflow the bit offset. >+ </p> >+ <p> >+ This problem only affects 32-bit versions of Redis. >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2021-32761</cvename> >+ <url>https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj</url> >+ </references> >+ <dates> >+ <discovery>2021-07-04</discovery> >+ <entry>2021-07-22</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="76487640-ea29-11eb-a686-3065ec8fd3ec"> > <topic>chromium -- multiple vulnerabilities</topic> > <affects> >-- >2.32.0 >
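Review bot: In the `<affects>` block each `<range>` carries only an `<lt>` bound and nothing restricts the match by architecture, so as written the entry flags every earlier version of `redis`, `redis-devel` and `redis5` on all platforms, while the quoted advisory says only 32-bit builds are affected. The restriction is visible only in `<topic>` and the blockquote, so please keep "on 32-bit systems" in the topic as it is. Also confirm that each fixed version sits on the port that tracks that branch (6.0.15 on `redis`, 6.2.5 on `redis-devel`, 5.0.13 on `redis5`), and add a `<ge>` lower bound if the upstream advisory names a first affected release.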
Flags: yasu: maintainer-approval? (ports-secteam)