Bug ID | 1182657 |
---|---|
Summary | VUL-0: CVE-2021-21309: redis: Integer overflow on 32-bit systems |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.2 |
Hardware | i586 |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | ro@suse.de |
Reporter | Andreas.Stieger@gmx.de |
QA Contact | qa-bugs@suse.de |
CC | security-team@suse.de |
Found By | --- |
Blocker | --- |
Integer overflow on 32-bit systems (CVE-2021-21309):

Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB, which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result in buffer overflow and heap corruption.

References:
https://groups.google.com/g/redis-db/c/tFldUlOt8D8/m/HrZAfUB0AgAJ
https://github.com/redis/redis/blob/6.2.0/00-RELEASENOTES
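
A configuration check for the condition described above, added here as an example and not part of the original report or of Redis itself: it reads a `redis.conf` and reports whether the bulk input limit has been raised above the 512MB default on a 32-bit host. It assumes the limit is the `proto-max-bulk-len` directive and that any value above the default deserves review; the function names and the sample config are constructed for illustration.

```python
import re

DEFAULT_LIMIT = 512 * 1024 * 1024  # the 512MB default named in the description

# Redis size suffixes: k/m/g are powers of 1000, kb/mb/gb are powers of 1024.
UNITS = {"": 1, "k": 1000, "kb": 1024, "m": 1000**2, "mb": 1024**2,
         "g": 1000**3, "gb": 1024**3}

# Constructed sample config, not taken from a real host.
SAMPLE_CONF = """\
# bulk limit raised by an administrator
maxmemory 256mb
proto-max-bulk-len 1gb
"""

def parse_size(value):
    """Convert a redis.conf size such as '512mb' or '1gb' to bytes."""
    m = re.fullmatch(r"(\d+)([a-z]*)", value.strip().strip("\"'").lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def effective_bulk_limit(conf_text):
    """Return the last proto-max-bulk-len set in the file, else the default."""
    limit = DEFAULT_LIMIT
    for line in conf_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Directive names are matched case-insensitively; the last one wins.
        if parts[0].lower() == "proto-max-bulk-len" and len(parts) == 2:
            limit = parse_size(parts[1])
    return limit

def audit(conf_text, pointer_bits):
    """Return (limit_in_bytes, needs_review) for a host of the given word size."""
    limit = effective_bulk_limit(conf_text)
    # Assumption: any value above the default on a 32-bit build is worth review.
    return limit, pointer_bits == 32 and limit > DEFAULT_LIMIT

if __name__ == "__main__":
    limit, needs_review = audit(SAMPLE_CONF, pointer_bits=32)
    print(f"proto-max-bulk-len = {limit} bytes, needs review: {needs_review}")
```

The value in the file can differ from the running server's, so compare the result with the output of `CONFIG GET proto-max-bulk-len` on the instance.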