|
Lines 1-3
Link Here
|
|
|
1 |
<vuln vid="c561ce49-eabc-11eb-9c3f-0800270512f4"> |
| 2 |
<topic>redis -- Integer overflow issues with BITFIELD command on 32-bit systems</topic> |
| 3 |
<affects> |
| 4 |
<package> |
| 5 |
<name>redis</name> |
| 6 |
<range><lt>6.0.15</lt></range> |
| 7 |
</package> |
| 8 |
<package> |
| 9 |
<name>redis-devel</name> |
| 10 |
<range><lt>6.2.5</lt></range> |
| 11 |
</package> |
| 12 |
<package> |
| 13 |
<name>redis5</name> |
| 14 |
<range><lt>5.0.13</lt></range> |
| 15 |
</package> |
| 16 |
</affects> |
| 17 |
<description> |
| 18 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 19 |
<p>Huang Zhw reports:</p> |
| 20 |
<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"> |
| 21 |
<p> |
| 22 |
On 32-bit versions, Redis BITFIELD command is vulnerable to integer |
| 23 |
overflow that can potentially be exploited to corrupt the heap, |
| 24 |
leak arbitrary heap contents or trigger remote code execution. |
| 25 |
The vulnerability involves constructing specially crafted bit |
| 26 |
commands which overflow the bit offset. |
| 27 |
</p> |
| 28 |
<p> |
| 29 |
This problem only affects 32-bit versions of Redis. |
| 30 |
</p> |
| 31 |
</blockquote> |
| 32 |
</body> |
| 33 |
</description> |
| 34 |
<references> |
| 35 |
<cvename>CVE-2021-32761</cvename> |
| 36 |
<url>https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj</url> |
| 37 |
</references> |
| 38 |
<dates> |
| 39 |
<discovery>2021-07-04</discovery> |
| 40 |
<entry>2021-07-22</entry> |
| 41 |
</dates> |
| 42 |
</vuln> |
| 43 |
|
| 1 |
<vuln vid="76487640-ea29-11eb-a686-3065ec8fd3ec"> |
44 |
<vuln vid="76487640-ea29-11eb-a686-3065ec8fd3ec"> |
| 2 |
<topic>chromium -- multiple vulnerabilities</topic> |
45 |
<topic>chromium -- multiple vulnerabilities</topic> |
| 3 |
<affects> |
46 |
<affects> |
| 4 |
- |
|
|