
CVE-2021-32625

Description

A flaw was found in Redis. An integer overflow could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix for CVE-2021-29477. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Mitigation

The flaw can be mitigated by disallowing usage of the STRALGO LCS command via ACL configuration. Please see <https://redis.io/topics/acl> for more information on how to do this. On 64-bit systems which have the fixes for CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (the default is 512MB).
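As an added example, not part of this advisory or of the Redis project, the following Python checker evaluates the two mitigations above against constructed inputs: a redis.conf `proto-max-bulk-len` directive (parsed with Redis's size-suffix rules), an ACL rule string in `ACL LIST` form, and the server version. Two assumptions are made: the 2GB bound is taken as 2^31 bytes, and ACL evaluation is simplified to the tokens named in the comments.

```python
import re

# Redis size suffixes: k/m/g are decimal, kb/mb/gb are binary (as in Redis's memtoll()).
_UNITS = {"": 1, "b": 1, "k": 1000, "kb": 1024, "m": 1000_000,
          "mb": 1024 ** 2, "g": 1000_000_000, "gb": 1024 ** 3}
TWO_GB = 2 * 1024 ** 3          # assumption: the advisory's "2GB" read as 2^31 bytes
DEFAULT_BULK_LEN = 512 * 1024 ** 2  # Redis default for proto-max-bulk-len (512mb)

def parse_memory(value: str) -> int:
    """Parse a redis.conf size such as '512mb' or '2gb' into bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*([a-zA-Z]*)\s*", value)
    if not m or m.group(2).lower() not in _UNITS:
        raise ValueError(f"bad memory value: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2).lower()]

def has_cve_2021_29477_fix(version: str) -> bool:
    """True for 6.2.3+ or 6.0.13+ (the fixed releases the advisory names)."""
    major, minor, patch = (int(x) for x in version.split(".")[:3])
    return (major, minor, patch) >= (6, 2, 3) or ((major, minor) == (6, 0) and patch >= 13)

def stralgo_allowed(acl_rule: str) -> bool:
    """Simplified left-to-right ACL evaluation for STRALGO.
    Recognises +@all/allcommands, -@all/nocommands, +stralgo/-stralgo; any other
    +@category is treated conservatively as allowing STRALGO (assumption)."""
    allowed = False
    for tok in acl_rule.split():
        t = tok.lower()
        if t in ("+@all", "allcommands", "+stralgo") or t.startswith("+@"):
            allowed = True
        elif t in ("-@all", "nocommands", "-stralgo"):
            allowed = False
    return allowed

def assess(conf_lines, acl_rule: str, version: str, is_64bit: bool = True):
    """Return (mitigated, reason) for CVE-2021-32625 given the deployment facts."""
    if not stralgo_allowed(acl_rule):
        return True, "STRALGO denied by ACL"
    limit = DEFAULT_BULK_LEN
    for line in conf_lines:            # comment lines start with '#' and are skipped
        line = line.strip()
        if line.startswith("proto-max-bulk-len"):
            limit = parse_memory(line.split(None, 1)[1])  # last directive wins
    if is_64bit and has_cve_2021_29477_fix(version) and limit < TWO_GB:
        return True, f"proto-max-bulk-len={limit} < 2GB on a fixed 64-bit build"
    return False, "STRALGO reachable and proto-max-bulk-len bound not sufficient"

if __name__ == "__main__":
    # constructed sample: default-looking config, permissive ACL, fixed version
    print(assess(["# comment", "proto-max-bulk-len 512mb"],
                 "user default on nopass ~* &* +@all", "6.2.3"))
```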


Related