ASA-202106-12 - log

ASA-202106-12 edited at 03 Jun 2021 08:47:22
Workaround
- A workaround to mitigate the problem is to use an ACL configuration to prevent clients from using the STRALGO LCS command.
+ A workaround to mitigate the problem is to use an ACL configuration to
+ prevent clients from using the STRALGO LCS command.
- On systems running Redis version 6.2.3, it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
+ On systems running Redis version 6.2.3, it is sufficient to make sure
+ that the proto-max-bulk-len config parameter is smaller than 2GB
+ (default is 512MB).
ASA-202106-12 edited at 01 Jun 2021 16:48:20
Workaround
+ A workaround to mitigate the problem is to use an ACL configuration to prevent clients from using the STRALGO LCS command.
+
+ On systems running Redis version 6.2.3, it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
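Review bot: the first added Workaround sentence says "an ACL configuration" without saying which rule is meant or which users it has to cover, so an administrator cannot apply it from the advisory alone. Suggest spelling out the rule and stating that it must apply to every account a client can use. In the second sentence, "smaller than 2GB (default is 512MB)" leaves it implicit that a default configuration on 6.2.3 already meets the condition; saying so directly, and that only a raised proto-max-bulk-len needs changing, would remove the guesswork.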
Impact
+ A remote attacker could execute arbitrary code on the database server through a crafted STRALGO LCS command.
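Review bot: the added Impact line says "a remote attacker" but does not state the precondition, namely that the attacker must be able to send commands to the server. Since the Workaround section relies on ACLs to stop clients from using STRALGO LCS, the Impact text should say whether the attacker has to be a connected client, so the two sections read consistently.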
ASA-202106-12 created at 01 Jun 2021 16:44:31