Integer Overflow or Wraparound Affecting redis-doc package, versions <0:5.0.3-5.module+el8.4.0+20382+7694043a


Severity

Recommended
0.0
high
0
10

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.38% (73rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE8-REDISDOC-2587801
  • published10 Apr 2022
  • disclosed4 Oct 2021

Introduced: 4 Oct 2021

CVE-2021-32627  (opens in a new tab)
CWE-190  (opens in a new tab)
CWE-680  (opens in a new tab)

How to fix?

Upgrade Oracle:8 redis-doc to version 0:5.0.3-5.module+el8.4.0+20382+7694043a or higher.
This issue was patched in ELSA-2021-3918.

NVD Description

Note: Versions mentioned in the description apply only to the upstream redis-doc package and not the redis-doc package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

CVSS Scores

version 3.1