CVE-2021-21309 log

Severity Medium
Remote Yes
Type Arbitrary code execution
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default it is 512MB, which is a safe value for all platforms. On 32-bit systems, setting the proto-max-bulk-len config parameter to a high value may result in an integer overflow and a subsequent heap overflow when receiving a large request from a client. The issue is fixed in Redis version 6.2.0, 6.0.11 and 5.0.11.
Group Package Affected Fixed Severity Status Ticket
AVG-1619 redis 6.0.10-1 6.2.0-1 Medium Not affected