[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3647/redis

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6a44cb6 by Salvatore Bonaccorso at 2022-10-22T17:41:18+02:00
Add CVE-2022-3647/redis

Rationale to make this unimportant: At the point at which crash for the
CVE is reached, redis did already crash due to calling an invalid
function pointer. The CVE is for the crash inside the crash report when
the backtrace function will try to defereference this invalid pointer.

So the consequence will be that the crash inside the crash report will
kill the processes without having all the crash report information.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -469,7 +469,10 @@ CVE-2022-38075
 CVE-2022-3648
 	RESERVED
 CVE-2022-3647 (A vulnerability, which was classified as problematic, was found in Red ...)
-	TODO: check
+	- redis <unfixed> (unimportant)
+	NOTE: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3
+	NOTE: Crash inside the crash report when redis already crashed due to calling an invalid
+	NOTE: function pointer, negligible security impact
 CVE-2022-3646 (A vulnerability, which was classified as problematic, has been found i ...)
 	- linux 6.0.2-1
 	[bullseye] - linux 5.10.148-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6a44cb6259d5c3057b04b292b75be8965d31f88

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6a44cb6259d5c3057b04b292b75be8965d31f88
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221022/f7dd09c0/attachment.htm>