Skip to content

Integer overflow issues with BITFIELD command on 32-bit systems

High
yossigo published GHSA-8wxq-j7rp-g8wj Jul 21, 2021

Package

No package listed

Affected versions

2.2 or newer

Patched versions

5.0.13, 6.0.15, 6.2.5

Description

Impact

On 32-bit versions, Redis BITFIELD command is vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves constructing specially crafted bit commands which overflow the bit offset.

This problem only affects 32-bit versions of Redis.

Patches

The problem is fixed in Redis 6.2.5, 6.0.15, 5.0.13.

Workarounds

An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from using the BITFIELD command. This can be done using ACL in Redis 6.0 and above.

Credit

This issue was discovered and reported by Huang Zhw.

For more information

If you have any questions or comments about this advisory:

Severity

High
7.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
High
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID

CVE-2021-32761

Credits