CVE-2021-29478 – Vulnerability in the COPY command for large intsets
https://notcve.org/view.php?id=CVE-2021-29478
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. • https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V https://redis.io https://security.gentoo.org/glsa/202107-20 https://access.redhat.com/security/cve/CVE-2021-29478 https://bugzilla.redhat.com/show_bug.cgi?id=1957414 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2021-29477 – Vulnerability in the STRALGO LCS command
https://notcve.org/view.php?id=CVE-2021-29477
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command. Redis es una estructura de datos en memoria de código abierto (con licencia BSD) almacenado, utilizado como base de datos, caché y agente de mensajes. • https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WD • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2021-3470
https://notcve.org/view.php?id=CVE-2021-3470
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. Se encontró un problema de desbordamiento de pila en Redis en las versiones anteriores a 5.0.10, versiones anteriores a 6.0.9 y versiones anteriores a 6.2.0, cuando se usaba un asignador de pila que no fuera jemalloc o malloc de glibc, conllevando a un posible bloqueo del proceso o de escritura fuera de límites. Efectivamente, este fallo no afecta a la gran mayoría de usuarios que usan jemalloc o glibc malloc. • https://bugzilla.redhat.com/show_bug.cgi?id=1943623 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-21309 – Integer overflow on 32-bit systems
https://notcve.org/view.php?id=CVE-2021-21309
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. • https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0 https://github.com/redis/redis/pull/8522 https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf https://security.gentoo.org/glsa/202103-02 https://access.redhat.com/security/cve/CVE-2021-21309 https://bugzilla.redhat.com/show_bug.cgi?id=1932634 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVE-2020-35668
https://notcve.org/view.php?id=CVE-2020-35668
RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. RedisGraph versiones 2.x hasta 2.2.11, presenta una desreferencia del puntero NULL que conlleva a un bloqueo del servidor porque maneja inapropiadamente una cadena sin comillas, tal y como un alias que aún no ha sido introducido • https://github.com/RedisGraph/RedisGraph/issues/1502 https://github.com/RedisGraph/RedisGraph/pull/1503 • CWE-476: NULL Pointer Dereference •