VDB

GCVE-VVD-MAGEIA-2021-373

GCVE-VVD-MAGEIA-2021-373
Advisory Published
Vulnetix · Advisory published July 25, 2021
An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution (CVE-2021-29477). An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution (CVE-2021-29478). A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15 and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution (CVE-2021-32761).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaredis0 (affected), 6.0.15-1.mga8 (unaffected)

Aliases

CVE-2021-29478

Transitive aliases

BDU:2021-02584VVD-GENTOO-2021-788211EUVD-2021-16085

References

Updated redis package fixes security vulnerabilities
advisory
Updated redis package fixes security vulnerabilities
issue
Updated redis package fixes security vulnerabilities
issue
Updated redis package fixes security vulnerabilities
issue
Updated redis package fixes security vulnerabilities
issue
Updated redis package fixes security vulnerabilities
issue
Updated redis package fixes security vulnerabilities
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›