CVE-2021-32761

Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

Redis es una base de datos en memoria que persiste en el disco. Se presenta una vulnerabilidad que implica una lectura fuera de límites y el desbordamiento de enteros a desbordamiento de búfer a partir de la versión 2.2 y anterior a las versiones 5.0.13, 6.0.15 y 6.2.5. En los sistemas de 32 bits, el comando "*BIT*" de Redis es vulnerable al desbordamiento de enteros que puede ser potencialmente explotado para corromper la pila, filtrar contenidos arbitrarios de pila o desencadenar una ejecución de código remota . La vulnerabilidad implica cambiar el parámetro de configuración "proto-max-bulk-len" predeterminado a un valor muy grande y construir comandos de bits especialmente diseñados. Este problema sólo afecta a Redis en plataformas de 32 bits, o compilado como un binario de 32 bits. Redis versiones 5.0.3m 6.0.15, y 6.2.5 contienen parches para este problema. Una solución adicional para mitigar el problema sin parchear el ejecutable "redis-server" es prevenir que usuarios modifiquen el parámetro de configuración "proto-max-bulk-len". Esto puede hacerse usando ACL para restringir a usuarios sin privilegios de usar el comando CONFIG SET