
FreeBSD: VID-0E38B8F8-75DD-11EB-83F2-8C164567CA3C (CVE-2021-21309): redis -- Integer overflow on 32-bit systems

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published: Feb 22, 2021
Added: Feb 24, 2021
Modified: Mar 18, 2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-0E38B8F8-75DD-11EB-83F2-8C164567CA3C:

Redis Development team reports:

Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption.

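The advisory above names the precondition (the bulk-size limit raised well past the 512MB default on a 32-bit build) and the consequence (a size computation wraps, the buffer comes out too small, and the payload overflows the heap). The C program below is an added illustration, not code from the Redis project or from the FreeBSD advisory: it emulates a 32-bit `size_t`, shows an unchecked length-plus-overhead computation wrapping to a tiny allocation beside a hardened form that rejects it, and includes an audit helper that parses a `proto-max-bulk-len` value using the memory units documented in `redis.conf` (`k`, `kb`, `m`, `mb`, `g`, `gb`) and flags any value above the default. `proto-max-bulk-len` is the real Redis directive; `BULK_OVERHEAD`, the function names and the `4gb` configuration are assumptions chosen for the example and say nothing about Redis's actual buffer layout.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Emulate a 32-bit size_t so the arithmetic wraps the same way on a
 * 64-bit host as it would in a 32-bit build of the server. */
typedef uint32_t size32_t;

/* Redis's default proto-max-bulk-len (512mb), the value the advisory calls safe. */
#define DEFAULT_PROTO_MAX_BULK_LEN (512ULL * 1024 * 1024)

/* Hypothetical per-buffer overhead added to a bulk length before allocation
 * (e.g. room for a trailing "\r\n"); chosen for this example, not Redis's layout. */
#define BULK_OVERHEAD 2u

/* Unchecked computation: with a 32-bit size_t a bulk length close to 4GB
 * wraps to a tiny value, so the buffer allocated is far smaller than the
 * payload later copied into it (heap overflow). */
size32_t bulk_alloc_size_unchecked(size32_t bulk_len) {
    return bulk_len + BULK_OVERHEAD;
}

/* Hardened form: reject lengths above the configured limit and lengths whose
 * overhead would wrap a 32-bit size. Returns 0 when the request is rejected
 * (an accepted size is always at least BULK_OVERHEAD, so 0 is unambiguous). */
size32_t bulk_alloc_size_checked(size32_t bulk_len, size32_t max_bulk_len) {
    if (bulk_len > max_bulk_len) return 0;
    if (bulk_len > UINT32_MAX - BULK_OVERHEAD) return 0;
    return bulk_len + BULK_OVERHEAD;
}

/* Case-insensitive equality for a unit suffix. */
static bool unit_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
    return *a == '\0' && *b == '\0';
}

/* Parse a value as written in redis.conf using Redis's documented units:
 * k=1000, kb=1024, m=1000^2, mb=1024^2, g=1000^3, gb=1024^3 (case-insensitive).
 * Returns 0 on a malformed or negative value or on 64-bit overflow. */
uint64_t parse_redis_memory(const char *text) {
    if (text == NULL || text[0] == '-') return 0;
    char *end;
    unsigned long long n = strtoull(text, &end, 10);
    if (end == text) return 0;
    uint64_t mult;
    if (*end == '\0')            mult = 1;
    else if (unit_eq(end, "k"))  mult = 1000ULL;
    else if (unit_eq(end, "kb")) mult = 1024ULL;
    else if (unit_eq(end, "m"))  mult = 1000ULL * 1000;
    else if (unit_eq(end, "mb")) mult = 1024ULL * 1024;
    else if (unit_eq(end, "g"))  mult = 1000ULL * 1000 * 1000;
    else if (unit_eq(end, "gb")) mult = 1024ULL * 1024 * 1024;
    else return 0;
    if (n > UINT64_MAX / mult) return 0;
    return (uint64_t)n * mult;
}

/* Audit check: does a "proto-max-bulk-len <value>" setting raise the limit
 * above the default? On a 32-bit build that is the precondition the advisory
 * describes. Values that fail to parse are reported as raised (fail closed). */
bool proto_max_bulk_len_raised(const char *value) {
    uint64_t limit = parse_redis_memory(value);
    return limit == 0 || limit > DEFAULT_PROTO_MAX_BULK_LEN;
}

int main(void) {
    /* Constructed scenario: an operator has raised the limit to 4gb. */
    const char *configured = "4gb";
    printf("proto-max-bulk-len %s raised above default: %s\n", configured,
           proto_max_bulk_len_raised(configured) ? "yes" : "no");

    /* A client then announces a bulk length just under 4GB. */
    size32_t claimed = 0xFFFFFFFFu;
    printf("unchecked allocation size: %u bytes\n", bulk_alloc_size_unchecked(claimed));

    size32_t checked = bulk_alloc_size_checked(claimed, (size32_t)DEFAULT_PROTO_MAX_BULK_LEN);
    printf("checked allocation: %s\n", checked ? "accepted" : "rejected");
    return 0;
}
```

Two design points: the hardened check tests the wrap condition independently of the configured limit, so it still rejects the request when an operator has pushed the limit all the way to the 32-bit maximum; and the audit helper treats an unparseable value as raised, so a typo in the configuration is surfaced rather than silently passed.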
Solution(s)

freebsd-upgrade-package-redis
freebsd-upgrade-package-redis-devel
freebsd-upgrade-package-redis5