summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYasuhiro Kimura <yasu@FreeBSD.org>2023-10-18 22:19:04 +0900
committerYasuhiro Kimura <yasu@FreeBSD.org>2023-10-18 23:08:38 +0900
commit0b85db4c72d52b254346fda84fe7ce12d3342869 (patch)
treeb61f2633be6f2314193fcb1789e153e382874265
parentarchivers/snappy-java: Update to 1.1.10.5 (diff)
security/vuxml: Document possible bypassing Unix socket permissions in redis
Diffstat
-rw-r--r--security/vuxml/vuln/2023.xml42
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 04ece10e1634..9bc5fae872e5 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,45 @@
+ <vuln vid="8706e097-6db7-11ee-8744-080027f5fec9">
+ <topic>redis -- Possible bypassing Unix socket permissions</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><lt>7.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis-devel</name>
+ <range><lt>7.2.2.20231018</lt></range>
+ </package>
+ <package>
+ <name>redis70</name>
+ <range><lt>7.0.14</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><lt>6.2.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redis core team reports:</p>
+ <blockquote cite="https://groups.google.com/g/redis-db/c/r81pHa-dcI8">
+ <p>
+ The wrong order of listen(2) and chmod(2) calls creates a
+ race condition that can be used by another process to
+ bypass desired Unix socket permissions on startup.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-45145</cvename>
+ <url>https://groups.google.com/g/redis-db/c/r81pHa-dcI8</url>
+ </references>
+ <dates>
+ <discovery>2023-10-18</discovery>
+ <entry>2023-10-18</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ae0ee356-6ae1-11ee-bfb6-8c164567ca3c">
<topic>libcue -- out-of-bounds array access</topic>
<affects>
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-07 11:50:04 +0000