Lucene search

54 matches found

Cvelist
added 2021/10/04 6:0 p.m. | 19 views

CVE-2021-32762 Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

7.5 CVSS | 8.8 AI score | 0.00869 EPSS
Exploits 0 | References 9
OSV
added 2021/05/06 11:2 a.m. | 1 views

OESA-2021-1172 redis security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator oth...

5.3 CVSS | 7.1 AI score | 0.00423 EPSS
Exploits 0 | References 2
Veracode
added 2021/04/22 1:46 a.m. | 18 views

Denial Of Service (DoS)

redis is vulnerable to denial of service. A heap overflow was found in when using a heap allocator other than jemalloc or glibc's malloc allows an attacker to crash the application...

5.3 CVSS | 2.9 AI score | 0.00423 EPSS
Exploits 0 | References 3 | Affected Software 1
Microsoft CVE
added 2021/04/06 7:0 a.m. | 3 views

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.

...

5.3 CVSS | 7 AI score | 0.00423 EPSS
Exploits 0
OSV
added 2021/03/31 2:15 p.m. | 2 views

AZL-6852 CVE-2021-3470 affecting package redis for versions less than 5.0.5-7

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use...

5.3 CVSS | 6.3 AI score | 0.00423 EPSS
Exploits 0 | References 1
OSV
added 2021/03/31 2:15 p.m. | 1 views

DEBIAN-CVE-2021-3470

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use...

5.3 CVSS | 5.7 AI score | 0.00423 EPSS
Exploits 0 | References 1
OSV
added 2021/03/31 2:15 p.m. | 1 views

ALPINE-CVE-2021-3470

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use...

5.3 CVSS | 7.1 AI score | 0.00423 EPSS
Exploits 0 | References 1
OSV
added 2021/03/31 2:15 p.m. | 0 views

UBUNTU-CVE-2021-3470

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use...

5.3 CVSS | 6.1 AI score | 0.00423 EPSS
Exploits 0 | References 5
CNNVD
added 2021/03/31 12:0 a.m. | 1 views

Redis Labs Redis Multiple Products Buffer Error Vulnerability

Redis Labs Redis is an open-source database from Redis Labs, Inc. (United States), written in ANSI C. It is a networked, log-type key-value storage database that can be memory-based or persistent, and it provides APIs for a variety of languages. A buffer overflow...

5.3 CVSS | 6.1 AI score | 0.00423 EPSS
Exploits 0 | References 2
RedhatCVE
added 2021/03/26 6:59 p.m. | 19 views

CVE-2021-3470

A heap overflow issue was found in Redis when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc...

5.3 CVSS | 5.9 AI score | 0.00423 EPSS
Exploits 0 | References 3
Mozilla
added 2020/10/20 12:0 a.m. | 81 views

Security Vulnerabilities fixed in Firefox 82 — Mozilla

A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. In the crossbeam rust crate, the bounded channel incorrectly assumed that Vec::from_iter had allocated capacity that was the same as the numbe...

9.8 CVSS | 0.5 AI score | 0.03197 EPSS
Exploits 1 | References 9 | Affected Software 1
Oracle linux
added 2020/07/07 12:0 a.m. | 54 views

firefox security update

68.8.0-1.0.1 - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one Wed Apr 29 2020 Jan Horak - Update to 68.8.0 build1 68.7.0-3 - Added fix for rhbz1821418 68.7.0-2 - Update to 68.7.0 build3 68.6.1-1 - Update to 68.6.1 ESR Wed Mar 04 2020 Jan Horak -...

10 CVSS | 8.5 AI score | 0.10449 EPSS
Exploits 1
Oracle linux
added 2018/11/01 12:0 a.m. | 520 views

firefox security update

60.3.0-1.0.1 - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 60.3.0-1 - Update to 60.3.0 ESR 60.2.2-2 - Added patch for rhbz1633932 60.2.2-1 - Update to 60.2.2 ESR 60.2.1-1 - Update to 60.2.1 ESR 60.2.0-1 - Update to 60.2.0 ESR 60.1.0-9 - Do not...

9.8 CVSS | 0.8 AI score | 0.3799 EPSS
Exploits 7
Oracle linux
added 2018/09/24 12:0 a.m. | 69 views

firefox security update

60.2.0-1.0.1 - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 60.2.0-1 - Update to 60.2.0 ESR 60.1.0-9 - Do not set user agent rhbz1608065 - GTK dialogs are localized now rhbz1619373 - JNLP association works again rhbz1607457 60.1.0-8 - Fixed...

7.5 CVSS | 0.2 AI score | 0.07687 EPSS
Exploits 5
Oracle linux
added 2018/07/04 12:0 a.m. | 51 views

firefox security update

60.1.0-4.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 60.1.0-4 - Disabled jemalloc on all second arches 60.1.0-3 - Updated to 60.1.0 ESR build2 60.1.0-2 - Disabled jemalloc on second arches 60.1.0-1 - Updated to 60.1.0 ESR 60.0-12 - Fixing bundled libffi...

9.8 CVSS | 0.6 AI score | 0.26653 EPSS
Exploits 3
Tenable Nessus
added 2017/07/17 12:0 a.m. | 35 views

Fedora 26 : 3:mariadb (2017-09dd8907da)

Rebase to 10.1.24 Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependencies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB Removed patches: fixed by upstream Patch5:...

7.7 CVSS | 6.5 AI score | 0.01845 EPSS
Exploits 0 | References 8
exploitpack
added 2017/05/09 12:0 a.m. | 26 views

LG G4 MRA58K - mkvparser::Block::Block Heap Buffer Overflow

LG G4 MRA58K - mkvparser::Block::Block Heap Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1124 There are multiple paths in mkvparser::Block::Block... that result in heap buffer overflows. See attached for sample files that trigger the overflow conditions - thes...

0.8 AI score
Exploits 0
myhack58
added 2017/05/01 12:0 a.m. | 393 views

Based on jemalloc Android exploit skills----CENSUS-bug warning-the black bar safety net

Background: jemalloc-related research. In 2012, argp and huku published in Phrack on standalone exploitation of the jemalloc memory allocator, with a PoC based on FreeBSD libc. In 2012, argp and huku presented at BlackHat on corrupting jemalloc metadata in Firefox. In 2015, argp presented at INFILTRATE on jemalloc exploit...

10 CVSS | 6.2 AI score | 0.90266 EPSS
Exploits 6
Kitploit
added 2016/07/18 10:58 p.m. | 15 views

shadow - Firefox/Jemalloc Heap Exploitation Swiss Army Knife

A new, extended and renamed version of the Firefox/jemalloc heap exploitation swiss army knife. shadow has been tested with the following: Windows 8.1 x86-64; Windows 7 SP1 x86 and x86-64; WinDBG 6.3.9600.17200 x86 (since Firefox stable is x86-only currently); pykd version 0.3.0.36. Many different...

7.5 AI score
Exploits 0 | References 1
OpenVAS
added 2015/10/06 12:0 a.m. | 29 views

Oracle: Security Advisory (ELSA-2014-1647)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 9.7 AI score | 0.02306 EPSS
Exploits 0 | References 2