http://bugzilla.opensuse.org/show_bug.cgi?id=1182657 Bug ID: 1182657 Summary: VUL-0: CVE-2021-21309: redis: Integer overflow on 32-bit systems Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: i586 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: ro@suse.de Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de CC: security-team@suse.de Found By: --- Blocker: --- Integer overflow on 32-bit systems (CVE-2021-21309): Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. References: https://groups.google.com/g/redis-db/c/tFldUlOt8D8/m/HrZAfUB0AgAJ https://github.com/redis/redis/blob/6.2.0/00-RELEASENOTES -- You are receiving this mail because: You are on the CC list for the bug.