Log

ASA-202106-13 edited at 01 Jun 2021 16:50:35
Impact
+ An attacker could execute arbitrary code by supplying crafted input to generate an EAN barcode.
ASA-202106-13 created at 01 Jun 2021 16:48:53
CVE-2021-32625 edited at 01 Jun 2021 16:48:29
Notes
Workaround
==========
- A workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command.
+ A workaround to mitigate the problem is to use an ACL configuration to prevent clients from using the STRALGO LCS command.
- On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
+ On systems running Redis version 6.2.3, it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
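Review bot: the rewritten proto-max-bulk-len sentence drops two conditions the removed line carried, the "64 bit systems" qualifier and the 6.0.13 release named alongside 6.2.3. Readers on the 6.0 branch can no longer tell whether keeping proto-max-bulk-len below 2GB is sufficient for them. Either keep "(6.2.3 or 6.0.13)" and the 64-bit condition, or record why they no longer apply.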
ASA-202106-12 edited at 01 Jun 2021 16:48:20
Workaround
+ A workaround to mitigate the problem is to use an ACL configuration to prevent clients from using the STRALGO LCS command.
+
+ On systems running Redis version 6.2.3, it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
Impact
+ A remote attacker could execute arbitrary code on the database server through a crafted STRALGO LCS command.
CVE-2021-32625 edited at 01 Jun 2021 16:45:15
Description
- An integer overflow bug in Redis versions 6.0 up to 6.2.3 can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477.
+ An integer overflow bug in Redis versions 6.0 up to 6.2.3 can be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix of CVE-2021-29477.
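Review bot: "versions 6.0 up to 6.2.3" in the new Description line still does not say whether 6.2.3 itself is affected. The Workaround text in the same entry treats 6.2.3 as needing the proto-max-bulk-len limit, so consider wording the range as "up to and including 6.2.3" if that is what is meant.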
Notes
Workaround
==========
- An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command.
+ A workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command.
On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
ASA-202106-12 created at 01 Jun 2021 16:44:31
AVG-1992 edited at 01 Jun 2021 16:44:15
Affected
- 76.0.4017.154-1
+ 76.0.4017.175-1
Notes
- Opera version 76.0.4017.154 is based on Chromium version 90.0.4430.212 according to the reference.
+ Opera version 76.0.4017.175 is based on Chromium version 90.0.4430.212 according to the reference.
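Review bot: the Notes line changes the Opera version to 76.0.4017.175 but keeps Chromium 90.0.4430.212 "according to the reference" unchanged. Confirm that the reference actually states this Chromium base for the .175 build, and was not written only for .154, before carrying the sentence over.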
AVG-2022 edited at 01 Jun 2021 16:43:45
Status
- Vulnerable
+ Fixed
Fixed
+ 6.2.4-1
ASA-202106-10 edited at 01 Jun 2021 16:42:01
Impact
+ An attacker could crash the DHCP client, or potentially execute arbitrary code, through a crafted lease file.
ASA-202106-11 edited at 01 Jun 2021 16:41:38
Impact
+ An attacker could crash the DHCP server, or potentially execute arbitrary code, through a crafted lease file.