From d4165282fca217d6969d7e901c112b53f2dcbc59 Mon Sep 17 00:00:00 2001
From: Yasuhiro Kimura <yasu@utahime.org>
Date: Tue, 4 May 2021 05:58:18 +0900
Subject: [PATCH] security/vuxml: Document multiple vulnerabilities in redis

Document multiple vulnerabilities in redis (CVE-2021-29477,
CVE-2021-29478).
---
 security/vuxml/vuln.xml | 49 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index da24c21cf97a..c61641d58327 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -76,6 +76,55 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="d8b5e232-ac4e-11eb-ab5d-080027f515ea">
+    <topic>redis -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>redis</name>
+	<range><ge>6.0.0</ge><lt>6.0.13</lt></range>
+      </package>
+      <package>
+	<name>redis-devel</name>
+	<range><ge>6.2.0</ge><lt>6.2.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Redis project reports:</p>
+	<blockquote cite="https://groups.google.com/g/redis-db/c/6GSWzTW0PR8">
+	  <dl>
+	    <dt>Vulnerability in the STRALGO LCS command</dt>
+	    <dd>
+	      An integer overflow bug in Redis version 6.0 or newer could be
+	      exploited using the STRALGO LCS command to corrupt the heap and
+	      potentially result with remote code execution.
+	    </dd>
+	    <dt>Vulnerability in the COPY command for large intsets</dt>
+	    <dd>
+	      An integer overflow bug in Redis 6.2 could be exploited to corrupt
+	      the heap and potentially result with remote code execution.
+	      The vulnerability involves changing the default set-max-intset-entries
+	      configuration value, creating a large set key that consists of
+	      integer values and using the COPY command to duplicate it.
+	      The integer overflow bug exists in all versions of Redis starting
+	      with 2.6, where it could result with a corrupted RDB or DUMP payload,
+	      but not exploited through COPY (which did not exist before 6.2).
+	    </dd>
+	  </dl>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-29477</cvename>
+      <cvename>CVE-2021-29478</cvename>
+      <url>https://groups.google.com/g/redis-db/c/6GSWzTW0PR8</url>
+    </references>
+    <dates>
+      <discovery>2021-05-03</discovery>
+      <entry>2021-05-03</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="0add6e6b-6883-11eb-b0cb-f8b156c2bfe9">
     <topic>sympa -- Unauthorised full access via SOAP API due to illegal cookie</topic>
     <affects>
-- 
2.31.1