HomeFreeBSD

Security update to the recent version 5.0.11 if you use 32bit build of redis.

Description

Security update to the recent version 5.0.11 if you use 32bit build of redis.

Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.

Various bugfixes.

Details

Provenance
osaAuthored on
Parents
rP566398: Document integer overflow on 32-bit systems (CVE-2021-21309):
Branches
Unknown
Tags
Unknown