http://bugzilla.opensuse.org/show_bug.cgi?id=1178205

Bug ID: 1178205
Summary: VUL-0: redis: potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: mrueckert@suse.com
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
CC: security-team@suse.de
Found By: ---
Blocker: ---

Redis 6.0.9 fixes a potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc.

When using a system with no malloc_usable_size(), zmalloc_size() assumed that the heap allocator always returns blocks that are long-padded. This may not always be the case, and will result in zmalloc_size() returning a size that is bigger than allocated. At least in one case this leads to an out-of-bounds write, process crash and a potential security vulnerability. Effectively this does not affect the vast majority of users, who use jemalloc or glibc.

https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES
https://github.com/redis/redis/pull/7963
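A reduced model of the size miscalculation the report describes, added here as an example (not code from the bug report or from Redis; the names zmalloc_sim, zmalloc_size_padded, zmalloc_size_exact and overreport_bytes are my own, and the rounding step mirrors the long-padding assumption the text describes, on top of a simulated allocator that returns exactly the requested size):

```c
#include <stdlib.h>
#include <string.h>

/* Size prefix stored ahead of every block, as a zmalloc-style wrapper does
   when the platform offers no malloc_usable_size(). Hypothetical names. */
#define PREFIX_SIZE (sizeof(size_t))

/* Allocate `size` bytes from an allocator that returns EXACTLY
   size + PREFIX_SIZE bytes, with no padding to a multiple of sizeof(long). */
void *zmalloc_sim(size_t size) {
    char *realptr = malloc(size + PREFIX_SIZE);
    if (realptr == NULL) return NULL;
    memcpy(realptr, &size, sizeof(size));   /* record the requested size */
    return realptr + PREFIX_SIZE;
}

void zfree_sim(void *ptr) {
    if (ptr != NULL) free((char *)ptr - PREFIX_SIZE);
}

/* Flawed variant: assumes every block was long-padded by the allocator, so
   it rounds the recorded size up before adding the prefix. */
size_t zmalloc_size_padded(void *ptr) {
    size_t size;
    memcpy(&size, (char *)ptr - PREFIX_SIZE, sizeof(size));
    if (size & (sizeof(long) - 1))
        size += sizeof(long) - (size & (sizeof(long) - 1));
    return size + PREFIX_SIZE;
}

/* Corrected variant: report only what was actually requested plus the prefix. */
size_t zmalloc_size_exact(void *ptr) {
    size_t size;
    memcpy(&size, (char *)ptr - PREFIX_SIZE, sizeof(size));
    return size + PREFIX_SIZE;
}

/* How many bytes the padded variant over-reports for a `size`-byte request on
   this non-padding allocator. A caller that trusts that figure and fills the
   block up to it writes exactly this many bytes past the real allocation. */
size_t overreport_bytes(size_t size) {
    void *p = zmalloc_sim(size);
    if (p == NULL) return 0;
    size_t over = zmalloc_size_padded(p) - zmalloc_size_exact(p);
    zfree_sim(p);
    return over;
}
```

On a glibc or jemalloc build the real zmalloc_size() asks the allocator directly, which is why the report says those users are unaffected; the discrepancy only appears when the wrapper has to guess.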