Bug 2011004 (CVE-2021-32628)
Summary: | CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | agerstmayr, amackenz, amasferr, apevec, bcoca, bdettelb, caswilli, chazlett, chousekn, cmeyers, davidn, dbecker, drieden, fabian.deutsch, fedora, fpercoco, gblomqui, gghezzo, gparvin, hhorak, jal233, jcammara, jhardy, jjoyce, jobarker, jorton, jramanat, jschluet, jwong, kaycoth, lhh, lpeer, mabashia, mburns, mgoodwin, mkudlej, mmagr, nathans, notting, osapryki, pahickey, rcollet, redis-maint, relrod, rhos-maint, rpetrell, sclewis, sdoran, slinaber, smcdonal, stcannon, tjochec, tkuratom, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | redis 6.2.6, redis 6.0.16, redis 5.0.14 | Doc Type: | If docs needed, set a value |
Doc Text: |
An integer overflow issue was found in the redis ziplist data structure. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-15 02:08:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2012214, 2011205, 2011490, 2011491, 2011492, 2011493, 2011494, 2011495, 2011496, 2011497, 2011498, 2011499, 2011590, 2011647, 2011663, 2011741, 2012213, 2012379, 2012380, 2013311, 2013312, 2015073, 2015870, 2015871 | ||
Bug Blocks: | 2011061 |
Description
Pedro Sampaio
2021-10-05 18:35:43 UTC
Created redis tracking bugs for this issue: Affects: epel-7 [bug 2012214] Affects: fedora-all [bug 2012213] This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7 Via RHSA-2021:3873 https://access.redhat.com/errata/RHSA-2021:3873 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-32628 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3918 https://access.redhat.com/errata/RHSA-2021:3918 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7 Via RHSA-2021:3925 https://access.redhat.com/errata/RHSA-2021:3925 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:3947 https://access.redhat.com/errata/RHSA-2021:3947 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3944 https://access.redhat.com/errata/RHSA-2021:3944 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3946 https://access.redhat.com/errata/RHSA-2021:3946 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3945 https://access.redhat.com/errata/RHSA-2021:3945 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 7 Via RHSA-2021:3949 https://access.redhat.com/errata/RHSA-2021:3949 This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2021:3971 https://access.redhat.com/errata/RHSA-2021:3971 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 - ELS Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2021:3980 https://access.redhat.com/errata/RHSA-2021:3980 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8 Via RHSA-2021:4618 https://access.redhat.com/errata/RHSA-2021:4618 |