diff options
author | Oran Agra <oran@redislabs.com> | 2021-05-03 08:27:22 +0300 |
---|---|---|
committer | Oran Agra <oran@redislabs.com> | 2021-05-03 18:59:47 +0300 |
commit | 29900d4e6bccdf3691bedf0ea9a5d84863fa3592 (patch) | |
tree | be13eca85decc0249b5329ebbf6c91c89258c15c /src/t_string.c | |
parent | 611e11734c4e5f4dc1671bf53568732810682e0b (diff) | |
download | redis-29900d4e6bccdf3691bedf0ea9a5d84863fa3592.tar.gz |
Fix integer overflow in intset (CVE-2021-29478)
An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
potentially result with remote code execution.
The vulnerability involves changing the default set-max-intset-entries
configuration value, creating a large set key that consists of integer values
and using the COPY command to duplicate it.
The integer overflow bug exists in all versions of Redis starting with 2.6,
where it could result with a corrupted RDB or DUMP payload, but not exploited
through COPY (which did not exist before 6.2).
Diffstat (limited to 'src/t_string.c')
0 files changed, 0 insertions, 0 deletions