You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an OOM panic.
Patches
The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17.
Credit
The issue has been identified by Xion (SeungHyun Lee) of KAIST GoN
For more information
If you have any questions or comments about this advisory:
Impact
Authenticated users issuing specially crafted
SETRANGE
andSORT(_RO)
commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an OOM panic.Patches
The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17.
Credit
The issue has been identified by Xion (SeungHyun Lee) of KAIST GoN
For more information
If you have any questions or comments about this advisory: