FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- integer overflow

Affected packages
6.0.0 <= redis < 6.0.14
6.2.0 <= redis-devel < 6.2.4


VuXML ID 8eb69cd0-c2ec-11eb-b6e7-8c164567ca3c
Discovery 2021-06-01
Entry 2021-06-01

Redis development team reports:

An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477.


CVE Name CVE-2021-32625