FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- integer overflow

Affected packages
6.0.0 <= redis < 6.0.14
6.2.0 <= redis-devel < 6.2.4

Details

VuXML ID 8eb69cd0-c2ec-11eb-b6e7-8c164567ca3c
Discovery 2021-06-01
Entry 2021-06-01

Redis development team reports:

An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477.

References

CVE Name CVE-2021-32625
URL https://groups.google.com/g/redis-db/c/RLTwi1kKsCI