Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-21309 - log back

CVE-2021-21309 edited at 24 Feb 2021 14:48:55

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Arbitrary code execution

Description

+

Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default it is 512MB, which is a safe value for all platforms. On 32-bit systems, setting the proto-max-bulk-len config parameter to a high value may result in an integer overflow and a subsequent heap overflow when receiving a large request from a client. The issue is fixed in Redis version 6.2.0, 6.0.11 and 5.0.11.

References

+	https://github.com/redis/redis/pull/8522
+	https://github.com/redis/redis/commit/d32f2e9999ce003bad0bd2c3bca29f64dcce4433

Notes

CVE-2021-21309 created at 24 Feb 2021 14:42:35