Integer overflow in certain command arguments can drive Redis to OOM panic

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

整数溢出或超界折返

Redis 输入验证错误漏洞

Redis Labs Redis是美国Redis Labs公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值（Key-Value）存储数据库，并提供多种语言的API。 Redis 7.0.8版本之前的7.0.x版本、6.2.9版本之前的6.2.x版本和6.0.17版本之前的6.0.x版本存在输入验证错误漏洞，该漏洞源于。，经过身份验证的用户发出特制的SETRANGE和SORT(_RO)命令可能会触发整数溢出，导致Redis尝试分配不可能的内存量并因内存不足而中止。

N/A

N/A