CVE-2021-29478

Source
Severity: High
Remote: Yes
Type: Arbitrary code execution
Description
An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result in remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround that mitigates the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done by using an ACL to restrict unprivileged users from using the "CONFIG SET" command.
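To check that the ACL workaround above is actually in place, the following added example (not part of the original advisory or of Redis) evaluates `ACL LIST` output and reports which enabled users can still run CONFIG SET. It assumes Redis 6.2 rule syntax and that CONFIG belongs to the @admin, @slow and @dangerous categories; the function names and the sample lines are constructed for illustration.

```python
# Added example: simplified model of Redis 6.2 ACL command rules (an assumption,
# not Redis source code), used to find users who can still run CONFIG SET.

# ACL categories that include the CONFIG command in Redis 6.2.
CONFIG_CATEGORIES = {"admin", "slow", "dangerous"}

def can_config_set(acl_line):
    """Evaluate one line of `ACL LIST` output; return (username, bool)."""
    parts = acl_line.split()
    if len(parts) < 2 or parts[0] != "user":
        raise ValueError("not an ACL LIST line: %r" % acl_line)
    enabled = False
    whole_cmd = False     # CONFIG allowed with all of its subcommands
    subcommands = set()   # subcommands granted individually via +config|<sub>
    for rule in (p.lower() for p in parts[2:]):   # rules apply left to right
        in_category = rule[1:2] == "@" and rule[2:] in CONFIG_CATEGORIES | {"all"}
        if rule in ("on", "off"):
            enabled = rule == "on"
        elif rule in ("allcommands", "+config") or (rule[0] == "+" and in_category):
            whole_cmd, subcommands = True, set()
        elif rule in ("nocommands", "-config") or (rule[0] == "-" and in_category):
            # Removing the command also drops earlier +config|<sub> grants.
            whole_cmd, subcommands = False, set()
        elif rule.startswith("+config|"):
            subcommands.add(rule.split("|", 1)[1])
        # Passwords (#..., nopass), key (~) and channel (&) patterns are ignored.
    return parts[1], enabled and (whole_cmd or "set" in subcommands)

def exposed_users(acl_list_output):
    """Names of enabled users able to change set-max-intset-entries."""
    results = (can_config_set(l) for l in acl_list_output.splitlines() if l.strip())
    return [name for name, exposed in results if exposed]

# Constructed sample of `ACL LIST` output; "#<sha256>" stands in for a hash.
SAMPLE = """\
user default on nopass ~* &* +@all
user app on #<sha256> ~app:* &* +@all -@dangerous
user metrics on #<sha256> ~* &* -@all +info +config|get
user ops off #<sha256> ~* &* +@all
user legacy on #<sha256> ~* &* +@all -config +config|set
"""

if __name__ == "__main__":
    for user in exposed_users(SAMPLE):
        print("can run CONFIG SET:", user)
```

Any user the script reports, including an unauthenticated `default` user, needs a rule such as `-config` or `-@dangerous` before the workaround is effective.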
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1909 | redis | 6.2.2-1 | 6.2.3-1 | High | Fixed | |
References
https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3
https://github.com/redis/redis/commit/046352069396fe3be0a50ca505cb65af15c0d995