An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution.

Exploiting the vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands.

The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done with ACLs that restrict unprivileged users from running the CONFIG SET command.
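The ACL workaround described above, as an added example that is not part of the advisory or of the Redis project's own configuration: a redis.conf fragment in which the user names, the app:* key pattern and the passwords are constructed placeholders.

```conf
# Added example: redis.conf fragment implementing the ACL workaround.
# Each "user" line can equally be issued live with ACL SETUSER.
# Passwords below are placeholders; replace them before use.

# Operators keep full access, including CONFIG SET.
user admin on >REPLACE_WITH_ADMIN_PASSWORD ~* +@all

# Application clients get data commands only. CONFIG belongs to the @admin
# and @dangerous categories; removing those (and CONFIG itself, explicitly)
# means this user cannot raise proto-max-bulk-len.
user app on >REPLACE_WITH_APP_PASSWORD ~app:* +@all -@admin -@dangerous -config

# Monitoring needs to read settings but never change them. Redis 6.x ACLs
# cannot subtract a single subcommand (-config|set only arrived in 7.0), so
# grant a minimal set and add back only the CONFIG GET subcommand.
user monitor on >REPLACE_WITH_MONITOR_PASSWORD ~* +@read +info +ping +config|get

# Disable the implicit "default" user so unauthenticated connections hold no
# rights; every client must AUTH as one of the named users above.
user default off
```

After a restart (or the equivalent ACL SETUSER calls), a client authenticated as app that runs CONFIG SET proto-max-bulk-len receives a NOPERM error, while the redis.conf value set by the operator stays in force.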