CVE-2021-29477 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	An integer overflow bug in Redis version 6.0 or newer could be exploited using the "STRALGO LCS" command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the "STRALGO LCS" command.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1909	redis	6.2.2-1	6.2.3-1	High	Fixed

References
https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g https://github.com/redis/redis/commit/92e3b1802f72ca0c5b0bde97f01d9b57a758d85c