CVE-2021-32761: Redis remote code execution vulnerability alert
Vulnerability Detail
The Redis `*BIT*` family of commands (`SETBIT`, `BITFIELD` and related bitmap commands) is vulnerable to an integer overflow that can be exploited to corrupt the heap, leak arbitrary heap contents, or trigger remote code execution. Exploitation requires two steps: first raising the `proto-max-bulk-len` configuration parameter from its default to a very large value (normally through `CONFIG SET`), then sending specially crafted bit commands. Upstream notes that only Redis running on a 32-bit platform, or compiled as a 32-bit binary, is affected; 64-bit builds are not exploitable but should still be patched.
Affected version
| Product | Affected version | Unaffected version |
|---|---|---|
| Redis:Redis | >=2.2, <5.0.13 | 5.0.13 |
| Redis:Redis | >=2.2, <6.0.15 | 6.0.15 |
| Redis:Redis | >=2.2, <6.2.5 | 6.2.5 |
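As an added example (not part of the original alert or of the Redis project), the following script takes the text of a Redis `INFO server` reply and decides whether the instance sits in the affected range above, taking into account the upstream note that only 32-bit builds are exploitable. Optionally it also flags a `proto-max-bulk-len` value that has been raised above the 512 MiB default, which is the precondition the advisory describes. The fix versions and the 2.2 lower bound come from the table; the sample `INFO` text is constructed, not captured from a real server.

```python
import re

# Fix versions per branch, taken from the affected-version table.
FIXED = {(5, 0): (5, 0, 13), (6, 0): (6, 0, 15), (6, 2): (6, 2, 5)}
FIRST_AFFECTED = (2, 2, 0)
# Redis ships with proto-max-bulk-len = 512 MiB; a larger value is a
# deliberate change and the precondition the advisory describes.
DEFAULT_PROTO_MAX_BULK_LEN = 512 * 1024 * 1024


def parse_version(text):
    """'6.0.14' -> (6, 0, 14); tolerates suffixes such as '6.2.5-rc1'."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_info(text):
    """Parse the 'key:value' lines of an INFO reply into a dict."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            info[key] = value
    return info


def version_is_unpatched(version):
    """True when this version predates the fix for its branch."""
    if version < FIRST_AFFECTED:
        return False
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    # No patched release exists for branches older than 5.0 (3.x, 4.x);
    # anything newer than 6.2 was released with the fix already in place.
    return version < (6, 2, 0)


def assess(info_text, proto_max_bulk_len=None):
    """Combine version, architecture and (optionally) the live
    proto-max-bulk-len value (from CONFIG GET) into a verdict."""
    info = parse_info(info_text)
    version = parse_version(info["redis_version"])
    bits = int(info.get("arch_bits", "64"))
    if not version_is_unpatched(version):
        status = "patched"
    elif bits == 32:
        status = "vulnerable"
    else:
        # Upstream states the overflow only affects 32-bit builds; the
        # server is still unpatched and should be upgraded.
        status = "unpatched-64bit"
    raised = (proto_max_bulk_len is not None
              and proto_max_bulk_len > DEFAULT_PROTO_MAX_BULK_LEN)
    return {"version": version, "arch_bits": bits, "status": status,
            "proto_max_bulk_len_raised": raised}


# Constructed sample INFO output (not captured from a real server).
SAMPLE_INFO_32BIT = """# Server
redis_version:6.0.14
redis_mode:standalone
arch_bits:32
"""
SAMPLE_INFO_64BIT = SAMPLE_INFO_32BIT.replace("arch_bits:32", "arch_bits:64")

if __name__ == "__main__":
    print(assess(SAMPLE_INFO_32BIT, proto_max_bulk_len=4 * 1024 ** 3))
    print(assess(SAMPLE_INFO_64BIT))
```

In practice the `INFO server` text comes from `redis-cli INFO server` and the bulk-length value from `redis-cli CONFIG GET proto-max-bulk-len`; a raised value on an otherwise healthy instance is worth investigating as a possible attacker precondition, not just a misconfiguration.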
Solution
Upgrade Redis to 5.0.13, 6.0.15 or 6.2.5 (or any later release) according to the branch in use. Where patching cannot happen immediately, the upstream workaround is to stop untrusted clients from changing `proto-max-bulk-len`: on Redis 6 and later, deny the `CONFIG` command to unprivileged users via ACL (`ACL SETUSER <user> -config`); on older versions, `rename-command CONFIG ""` in `redis.conf` disables it entirely. Restricting Redis to trusted networks and requiring authentication reduces exposure further.