Redis is vulnerable to denial of service. An integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements.
github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3
github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
lists.fedoraproject.org/archives/list/[email protected]/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
lists.fedoraproject.org/archives/list/[email protected]/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
lists.fedoraproject.org/archives/list/[email protected]/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
security.gentoo.org/glsa/202209-17
security.netapp.com/advisory/ntap-20211104-0003/
www.debian.org/security/2021/dsa-5001
www.oracle.com/security-alerts/cpuapr2022.html