This has been patched in Redis version 7.0.5. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. Versions 7.0.0 and above, prior to 7.0.5, are vulnerable to an integer overflow. Redis is an in-memory database that persists on disk. There are no known workarounds for this vulnerability. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. Improved MAC address string descriptor length validation to check for unexpectedly small values may be used as a workaround. The fix has been included in USBX release (). This may allow one to redirect the code execution flow or introduce a denial of service. Other operating systems are unaffected.* This vulnerability affects Firefox ux_host_class_cdc_ecm_node_id` array. *This bug only affects Firefox on Windows. On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. Integer Overflow or Wraparound in GitHub repository vim/vim prior to.