redis: fix CVE-2024-31228 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-01-31 12:50:59 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-02-09 07:55:14 -0800
commit	42df84dcf334714336fe90fa92d59f7786802a39 (patch)
tree	779d0ef04fcb731c0818957579f0256d3535c616 /meta-python/recipes-devtools/python/python-numeric/0001-it-tries-to-define-this-function-differently-than-it.patch
parent	58aae3874f304e54446d37e5cb5aa24c47300f45 (diff)
download	meta-openembedded-42df84dcf334714336fe90fa92d59f7786802a39.tar.gz

redis: fix CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. References: https://security-tracker.debian.org/tracker/CVE-2024-31228 Upstream-patch: https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0 Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-numeric/0001-it-tries-to-define-this-function-differently-than-it.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: