Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-29477

An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0.Integer overflow in COPY command for large intsets. The issue is fixed in Redis version 6.2.3.

Source

Severity Medium

Remote Yes

Type Arbitrary code execution

Description

An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0.Integer overflow in COPY command for large intsets. The issue is fixed in Redis version 6.2.3.

AVG-1909 redis 6.2.2-1 6.2.3-1 Medium Fixed

https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ
https://github.com/redis/redis/commit/92e3b1802f72ca0c5b0bde97f01d9b57a758d85c

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect