Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 803302 (CVE-2021-32761) - <dev-db/redis-{5.0.13, 6.0.15, 6.2.5}: integer interflow on 32 bit builds (CVE-2021-32761)
Summary: <dev-db/redis-{5.0.13, 6.0.15, 6.2.5}: integer interflow on 32 bit builds (CV...
Status: IN_PROGRESS
Alias: CVE-2021-32761
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://github.com/redis/redis/securi...
Whiteboard: B1 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-22 01:41 UTC by John Helmert III
Modified: 2021-08-10 01:02 UTC (History)
1 user (show)

See Also:
Package list:
dev-db/redis-5.0.13 amd64 arm arm64 ppc ppc64 x86 dev-db/redis-6.0.15 dev-db/redis-6.2.5
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-07-22 01:41:46 UTC
CVE-2021-32761:

Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
Comment 1 Larry the Git Cow gentoo-dev 2021-07-22 03:23:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0f98815a09bb06475b449dd39f22f7b1db5b95b

commit e0f98815a09bb06475b449dd39f22f7b1db5b95b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-07-22 03:16:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-07-22 03:20:30 +0000

    dev-db/redis: add 6.2.5
    
    Bug: https://bugs.gentoo.org/803302
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest           |   1 +
 dev-db/redis/redis-6.2.5.ebuild | 187 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f266cf68fb019637e64c1ad59d5d9104d13ab4e

commit 3f266cf68fb019637e64c1ad59d5d9104d13ab4e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-07-22 03:16:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-07-22 03:20:29 +0000

    dev-db/redis: add 6.0.15
    
    Bug: https://bugs.gentoo.org/803302
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest            |   1 +
 dev-db/redis/redis-6.0.15.ebuild | 187 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e952405376b422bad1507756c5bfa74f14d81fed

commit e952405376b422bad1507756c5bfa74f14d81fed
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-07-22 03:16:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-07-22 03:20:28 +0000

    dev-db/redis: add 5.0.13
    
    Bug: https://bugs.gentoo.org/803302
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest            |   1 +
 dev-db/redis/redis-5.0.13.ebuild | 160 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 161 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2021-07-23 07:18:45 UTC
sparc stable
Comment 3 Agostino Sarubbo gentoo-dev 2021-07-23 07:19:33 UTC
x86 stable
Comment 4 Sam James archtester gentoo-dev Security 2021-07-26 00:52:59 UTC
amd64 done
Comment 5 Sam James archtester gentoo-dev Security 2021-07-26 00:53:20 UTC
arm done
Comment 6 Sam James archtester gentoo-dev Security 2021-07-26 00:54:00 UTC
ppc done
Comment 7 Sam James archtester gentoo-dev Security 2021-07-26 00:54:08 UTC
ppc64 done
Comment 8 Sam James archtester gentoo-dev Security 2021-07-26 00:54:42 UTC
arm64 done

all arches done
Comment 9 Larry the Git Cow gentoo-dev 2021-08-09 16:31:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1eaf833dcc599b9408fe734b48a8a6de56289de4

commit 1eaf833dcc599b9408fe734b48a8a6de56289de4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-08-09 16:29:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-08-09 16:30:56 +0000

    dev-db/redis: drop 5.0.12, 6.0.14, 6.2.4
    
    Bug: https://bugs.gentoo.org/803302
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest            |   3 -
 dev-db/redis/redis-5.0.12.ebuild | 164 ---------------------------------
 dev-db/redis/redis-6.0.14.ebuild | 189 ---------------------------------------
 dev-db/redis/redis-6.2.4.ebuild  | 189 ---------------------------------------
 4 files changed, 545 deletions(-)