FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- Integer overflow on 32-bit systems

Affected packages
redis-devel < 6.2.0
redis < 6.0.11
redis5 < 5.2.11

Details

VuXML ID 0e38b8f8-75dd-11eb-83f2-8c164567ca3c
Discovery 2021-02-22
Entry 2021-02-23

Redis Development team reports:

Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption.

References

CVE Name CVE-2021-21309