-
Notifications
You must be signed in to change notification settings - Fork 23.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Prevent unauthenticated client from easily consuming lots of memory (…
…CVE-2021-32675) This change sets a low limit for multibulk and bulk length in the protocol for unauthenticated connections, so that they can't easily cause redis to allocate massive amounts of memory by sending just a few characters on the network. The new limits are 10 arguments of 16kb each (instead of 1m of 512mb) (cherry picked from commit 3d221e81f3b680543e34942579af190b049ff283)
- Loading branch information
Showing
2 changed files
with
24 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters