From 2314d9980d6a35b768bc7517bee0eb1fc7a9a048 Mon Sep 17 00:00:00 2001 From: Yasuhiro Kimura Date: Thu, 22 Jul 2021 16:27:05 +0900 Subject: [PATCH] security/vuxml: Document integer overflow vulnerability in redis Document integer overflow vulnerability in redis. --- security/vuxml/vuln-2021.xml | 43 ++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index ab4f57fdbfc2..d2570429e024 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,46 @@ + + redis -- Integer overflow issues with BITFIELD command on 32-bit systems + + + redis + 6.0.15 + + + redis-devel + 6.2.5 + + + redis5 + 5.0.13 + + + + +

Huang Zhw reports:

+
+

+ On 32-bit versions, Redis BITFIELD command is vulnerable to integer + overflow that can potentially be exploited to corrupt the heap, + leak arbitrary heap contents or trigger remote code execution. + The vulnerability involves constructing specially crafted bit + commands which overflow the bit offset. +

+

+ This problem only affects 32-bit versions of Redis. +

+
+ +
+ + CVE-2021-32761 + https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj + + + 2021-07-04 + 2021-07-22 + +
+ chromium -- multiple vulnerabilities -- 2.32.0
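Review bot: the affected-package block matches redis, redis-devel and redis5 on every architecture, while the description says "This problem only affects 32-bit versions of Redis", so the entry will also be reported on 64-bit hosts. The topic line's "on 32-bit systems" is the only hint an operator sees in audit output, so keep that wording there. Each package shows a single version value (6.0.15, 6.2.5, 5.0.13) and the range markup is not visible in this rendering. Please confirm that each one is an exclusive upper bound on its own package name, so that installations already at those versions are not flagged. Running the port's `make validate` before commit would catch any markup problem in the new entry.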