[Bug 1182657] New: VUL-0: CVE-2021-21309: redis: Integer overflow on 32-bit systems
http://bugzilla.opensuse.org/show_bug.cgi?id=1182657

Bug ID: 1182657
Summary: VUL-0: CVE-2021-21309: redis: Integer overflow on 32-bit systems
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.2
Hardware: i586
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: ro@suse.de
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
CC: security-team@suse.de
Found By: ---
Blocker: ---

Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB, which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result in buffer overflow and heap corruption.

References:
https://groups.google.com/g/redis-db/c/tFldUlOt8D8/m/HrZAfUB0AgAJ
https://github.com/redis/redis/blob/6.2.0/00-RELEASENOTES

--
You are receiving this mail because:
You are on the CC list for the bug.
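The overflow class the report describes, as an added example that is neither Redis code nor the fix referenced in this bug: a client announces a bulk length, and a reader that sizes its buffer as `len + headroom` in the platform word size can wrap on 32-bit once the configured limit is raised past 4 GB. The default 512 MB figure is from the report; the headroom, the 8 GB "raised limit" and the `platform_size_max` parameter (so the 32-bit case runs on any host) are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed example, not Redis code. 512 MB is the default limit quoted in the report;
 * the remaining constants are chosen to make the 32-bit wraparound visible. */
#define DEFAULT_MAX_BULK_LEN (512ULL * 1024 * 1024)
#define SIZE_MAX_32BIT       0xFFFFFFFFULL          /* SIZE_MAX on an ILP32 platform */
#define SIZE_MAX_64BIT       0xFFFFFFFFFFFFFFFFULL  /* SIZE_MAX on an LP64 platform  */

typedef enum {
    BULK_OK,                 /* length accepted; *alloc_out holds the bytes to reserve */
    BULK_NEGATIVE,           /* client sent a negative length */
    BULK_OVER_LIMIT,         /* exceeds the configured maximum bulk length */
    BULK_PLATFORM_OVERFLOW   /* limit was raised past what this platform's size_t holds */
} bulk_status;

/* What a reader that merely truncates to a 32-bit word computes for len + headroom.
 * With len = 0xFFFFFFFF and headroom = 2 this yields 1: a tiny buffer for a huge payload,
 * which is the overflow class the advisory describes. */
uint32_t naive_alloc_size_32(int64_t len, uint32_t headroom) {
    return (uint32_t)len + headroom;
}

/* Validate a bulk length parsed from "$<len>\r\n" (a 64-bit signed value) before sizing a
 * buffer of len + headroom bytes. `headroom` models terminator/slack bytes a reader adds;
 * `platform_size_max` is SIZE_MAX of the target platform. All arithmetic is carried out in
 * 64 bits and checked for wraparound before the value is narrowed to an allocation size. */
bulk_status check_bulk_len(int64_t len, uint64_t max_bulk_len, uint64_t headroom,
                           uint64_t platform_size_max, uint64_t *alloc_out) {
    if (len < 0) return BULK_NEGATIVE;
    uint64_t ulen = (uint64_t)len;
    if (ulen > max_bulk_len) return BULK_OVER_LIMIT;
    if (ulen > UINT64_MAX - headroom) return BULK_PLATFORM_OVERFLOW;  /* 64-bit wrap */
    uint64_t need = ulen + headroom;
    if (need > platform_size_max) return BULK_PLATFORM_OVERFLOW;      /* size_t wrap */
    if (alloc_out) *alloc_out = need;
    return BULK_OK;
}

/* Convenience wrapper: bytes to allocate, or 0 when the request must be rejected. */
uint64_t safe_alloc_size(int64_t len, uint64_t max_bulk_len, uint64_t headroom,
                         uint64_t platform_size_max) {
    uint64_t need = 0;
    return check_bulk_len(len, max_bulk_len, headroom, platform_size_max, &need) == BULK_OK
               ? need : 0;
}
```

With the default limit the oversized request is rejected before any arithmetic happens; only a raised limit reaches the platform check, which is where the 32-bit and 64-bit outcomes differ.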
http://bugzilla.opensuse.org/show_bug.cgi?id=1182657#c1

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
https://github.com/redis/redis/pull/8522
https://github.com/redis/redis/commit/d32f2e9999ce003bad0bd2c3bca29f64dcce44...
http://bugzilla.opensuse.org/show_bug.cgi?id=1182657#c4

--- Comment #4 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
(In reply to Robert Frohl from comment #2)
> also tracking SUSE:SLE-15:Update/redis as affected.

Does this even have a 32-bit build for this package?
http://bugzilla.opensuse.org/show_bug.cgi?id=1182657#c5

--- Comment #5 from Ruediger Oertel <ro@suse.com> ---
Depending on the definition. For SLE, we have built i586 rpms for this but they are not part of any product. It's part of Leap though, so they have binaries for armv7 and i586 I think.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182657#c6

--- Comment #6 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1182657) was mentioned in
https://build.opensuse.org/request/show/891113 15.2 / redis