From f137ead9e95a343ca2b1b91d8c38ff9db731a2f8 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Thu, 23 Oct 2025 11:18:19 -0500 Subject: [PATCH] DOC-5850 RS: Updated 7.22.2-14 release notes security section --- .../rs/release-notes/rs-7-22-releases/rs-7-22-2-14.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-2-14.md b/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-2-14.md index a2f701fdc..20f4a874f 100644 --- a/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-2-14.md +++ b/content/operate/rs/release-notes/rs-7-22-releases/rs-7-22-2-14.md @@ -169,8 +169,6 @@ Redis 7.4.x: - (CVE-2025-46817) An authenticated user may use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. -- (CVE-2025-49844) An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free, and potentially lead to remote code execution. - - (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. 
@@ -183,8 +181,6 @@ Redis 7.2.x: - (CVE-2025-46817) An authenticated user may use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. -- (CVE-2025-49844) An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free, and potentially lead to remote code execution. - - (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service. @@ -239,8 +235,6 @@ Redis 6.2.x: - (CVE-2025-46817) An authenticated user may use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. -- (CVE-2025-49844) An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free, and potentially lead to remote code execution. - - (CVE-2025-32023) An authenticated user can use a specially crafted string to trigger a stack/heap out-of-bounds write on HyperLogLog operations, which can lead to remote code execution. - (CVE-2025-21605) An unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is terminated, which can lead to denial-of-service.
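
Review bot: The Redis 7.4.x hunk (at -169) deletes the CVE-2025-49844 bullet with no stated reason, and the subject line says only "Updated 7.22.2-14 release notes security section". The removed text describes a use-after-free with potential remote code execution, and operators read these lists to decide whether an upgrade covers a given CVE, so a silent removal is easy to misread. Please add a commit message body that says why the entry does not belong in this release's list and where the status of that CVE is documented instead.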
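
Review bot: The hunks at -183 (Redis 7.2.x) and -239 (Redis 6.2.x) remove the same bullet as the 7.4.x hunk, but the diff shows only these three lists, so it cannot confirm the file is consistent afterwards. Before merging, search rs-7-22-2-14.md for any remaining CVE-2025-49844 mention under other version headings so the page does not list the CVE in one place and omit it in another. The 6 deletions match one bullet plus its trailing blank line per hunk, so the surrounding list spacing is preserved.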