Redis is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application and, depending on that account, gain elevated privileges. Failed exploit attempts will likely crash the redis-server process, causing a denial-of-service condition for legitimate users. Redis versions prior to 4.0.10, and the 5.0 release candidates up to and including 5.0 RC3, are vulnerable.
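As an added example (not part of the advisory), the following POSIX shell snippet classifies a Redis build against the affected range stated above from either the first line of `redis-server --version` or the `redis_version:` line of `INFO SERVER`. The sample lines are constructed. It assumes, which the page does not state, that 5.0 release candidates identify themselves with a 4.9.x version number, so every 4.9.x build is flagged as a pre-release; narrow that rule once the fixed candidate is known.

```shell
#!/bin/sh
# Added example, not from the advisory or the Redis project.
# Assumption: Redis 5.0 release candidates report a 4.9.x version, so any
# 4.9.x build is treated as a 5.0 pre-release and flagged.

# Print the dotted version found in a version line, or nothing if unrecognised.
# Accepts "Redis server v=4.0.9 sha=... " (redis-server --version) and
# "redis_version:4.0.9" (INFO SERVER).
redis_version_from_output() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^Redis server v=\([0-9][0-9.]*\).*$/\1/p' \
        -e 's/^redis_version:\([0-9][0-9.]*\).*$/\1/p'
}

# Exit 0 when major.minor.patch is inside the affected range, 1 when it is
# fixed, 2 when the argument is not a dotted number.
redis_version_is_vulnerable() {
    ver=$1
    case $ver in ''|*[!0-9.]*) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#"$major"}; rest=${rest#.}
    minor=${rest%%.*}; rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}
    minor=${minor:-0}; patch=${patch:-0}
    [ "$major" -lt 4 ] && return 0    # 3.x and older: before 4.0.10
    [ "$major" -gt 4 ] && return 1    # 5.0.0 final and later
    [ "$minor" -eq 9 ] && return 0    # 4.9.x: 5.0 pre-release (assumption above)
    [ "$minor" -gt 0 ] && return 1    # other 4.x minors are past the 4.0.x line
    [ "$patch" -lt 10 ] && return 0   # 4.0.0 .. 4.0.9
    return 1                          # 4.0.10 and later
}

# Print a verdict for one version line; exit 0 if vulnerable, 1 if fixed,
# 2 if the line could not be parsed.
redis_audit_line() {
    v=$(redis_version_from_output "$1")
    if [ -z "$v" ]; then
        printf 'unparsed: %s\n' "$1"; return 2
    fi
    if redis_version_is_vulnerable "$v"; then
        printf 'VULNERABLE: %s (upgrade to 4.0.10 or later)\n' "$v"; return 0
    fi
    printf 'ok: %s\n' "$v"; return 1
}

# Constructed sample lines, not captured from a real host.
redis_audit_line 'Redis server v=4.0.9 sha=00000000:0 malloc=jemalloc-4.0.3 bits=64 build=0000000000000000' || true
redis_audit_line 'redis_version:4.9.103' || true
redis_audit_line 'redis_version:4.0.10' || true

# Live check when a redis-server binary is on PATH (silently skipped otherwise).
if command -v redis-server >/dev/null 2>&1; then
    redis_audit_line "$(redis-server --version 2>/dev/null | head -n 1)" || true
fi
```

Run it on each host, or feed it `redis-cli INFO server | grep ^redis_version` for instances reachable only over the network; the exit status makes it usable from a fleet-wide inventory script.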
Permit local access for trusted individuals only. To reduce the likelihood of a successful exploit, restrict local access to trusted individuals and, where possible, use restricted environments and restricted shells.
Block external access at the network boundary unless external parties require the service. If global access is not needed, filter access to the Redis port (6379/TCP by default) at the network boundary and on the host itself, and bind the listener to trusted interfaces only. Because the overflow is triggered by data sent to the server, restricting access to trusted computers and networks greatly reduces the likelihood of a successful exploit.
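The filtering described above, written as an nftables ruleset for the Redis host (an added example, not from the advisory or the Redis project). The table name, the trusted client addresses and the use of the default port 6379 are assumptions for illustration; the same rule shape applies at a border firewall with the destination narrowed to the Redis host.

```nft
# Added example: allow 6379/TCP only from trusted application hosts.
# Table name and addresses are hypothetical.
table inet redis_guard {
    set trusted_clients {
        type ipv4_addr
        elements = { 10.0.1.10, 10.0.1.11 }
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Local tooling (redis-cli on the box) keeps working.
        iifname "lo" tcp dport 6379 accept

        # Only the listed application hosts may open connections.
        ip saddr @trusted_clients tcp dport 6379 accept

        # Everything else aimed at Redis is logged and dropped, so
        # attempts from untrusted sources show up in the kernel log.
        tcp dport 6379 log prefix "redis-blocked " counter drop
    }
}
```

Load it with `nft -f` and keep the chain policy at `accept` so that management access is not cut off; pair it with `bind 127.0.0.1 <trusted-interface-address>` and `protected-mode yes` in redis.conf so the listener itself is not exposed on every interface.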
Implement multiple redundant layers of security. Memory-protection schemes such as a non-executable stack and heap (NX) and address-space layout randomization (ASLR, effective only when redis-server is built as a position-independent executable) raise the cost of turning this overflow into arbitrary code execution. They do not prevent the process from crashing, so they are a mitigation, not a fix.
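To verify that those protections actually apply to the installed binary on a Linux host, the following POSIX shell snippet (an added example, not from the advisory or the Redis project) parses `readelf -hW` for a position-independent executable (ELF type DYN rather than EXEC), `readelf -lW` for a GNU_STACK program header without the E flag, and `kernel.randomize_va_space` for full ASLR (value 2). The readelf listings embedded below are constructed samples, not output from a real build.

```shell
#!/bin/sh
# Added example, not from the advisory or the Redis project. Checks whether
# NX stack, PIE and system-wide ASLR are in effect for a redis-server binary.

# Exit 0 when an `readelf -hW` listing shows a position-independent executable.
elf_is_pie_from_readelf() {
    t=$(printf '%s\n' "$1" | awk '/^[ \t]*Type:/ { print $2; exit }')
    [ "$t" = DYN ]
}

# Exit 0 when a `readelf -lW` listing has a GNU_STACK entry without the E flag.
# A missing GNU_STACK entry lets the kernel fall back to an executable stack,
# so it is reported as a failure as well.
elf_stack_nx_from_readelf() {
    printf '%s\n' "$1" | awk '
        /GNU_STACK/ { found = 1; if ($0 ~ /E[ \t]+0x[0-9a-fA-F]+[ \t]*$/) exe = 1 }
        END { if (found && !exe) exit 0; exit 1 }'
}

# Exit 0 when kernel.randomize_va_space reports full randomisation (2).
# 1 randomises stack, mmap and VDSO but not brk; 0 disables ASLR.
aslr_full_from_sysctl() {
    [ "$1" -eq 2 ] 2>/dev/null
}

# Constructed readelf samples (not captured from a real binary).
SAMPLE_HEADER_PIE='ELF Header:
  Class:                             ELF64
  Type:                              DYN (Shared object file)
  Machine:                           Advanced Micro Devices X86-64'
SAMPLE_HEADER_EXEC='ELF Header:
  Class:                             ELF64
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64'
SAMPLE_PHDRS_NX='Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x0a1b2c 0x0a1b2c R E 0x200000
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10'
SAMPLE_PHDRS_EXECSTACK='Program Headers:
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10'

# Live audit when readelf and redis-server are both available (skipped otherwise).
bin=$(command -v redis-server 2>/dev/null || true)
if [ -n "$bin" ] && command -v readelf >/dev/null 2>&1; then
    elf_is_pie_from_readelf "$(readelf -hW "$bin")" && echo "PIE: yes" || echo "PIE: no"
    elf_stack_nx_from_readelf "$(readelf -lW "$bin")" && echo "NX stack: yes" || echo "NX stack: no"
    aslr_full_from_sysctl "$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)" \
        && echo "ASLR: full" || echo "ASLR: not full"
fi
```

A "no" on any line means the layer described above is absent for this binary: a non-PIE redis-server gives an attacker fixed code addresses regardless of the sysctl, and an executable stack removes the NX barrier entirely.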
Updates are available: upgrade to Redis 4.0.10 or later, or to a 5.0 release candidate later than RC3. Please see the references or the vendor advisory for more information.