Severity |
|
Remote |
|
Type |
- |
Unknown |
+ |
Arbitrary code execution |
|
Description |
+ |
A security issue has been found in Redis before version 6.2.5. In 32-bit versions, the Redis BITFIELD command is vulnerable to an integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves constructing specially crafted bit commands which overflow the bit offset. |
|
References |
+ |
https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj |
+ |
https://github.com/redis/redis/pull/9191 |
+ |
https://github.com/redis/redis/commit/835d15b5360e277e6f95529c4d8685946a977ddd |
|
Notes |
+ |
Workaround |
+ |
========== |
+ |
|
+ |
A workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. |
|