Diffstat (limited to 'meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29478.patch')
-rw-r--r-- | meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29478.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29478.patch b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29478.patch
deleted file mode 100644
index ebbf6e1b94..0000000000
--- a/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29478.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 29900d4e6bccdf3691bedf0ea9a5d84863fa3592 Mon Sep 17 00:00:00 2001
-From: Oran Agra <oran@redislabs.com>
-Date: Mon, 3 May 2021 08:27:22 +0300
-Subject: [PATCH] Fix integer overflow in intset (CVE-2021-29478)
-
-An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
-potentially result with remote code execution.
-
-The vulnerability involves changing the default set-max-intset-entries
-configuration value, creating a large set key that consists of integer values
-and using the COPY command to duplicate it.
-
-The integer overflow bug exists in all versions of Redis starting with 2.6,
-where it could result with a corrupted RDB or DUMP payload, but not exploited
-through COPY (which did not exist before 6.2).
-
-CVE: CVE-2021-29478
-Upstream-Status: Backport
-[https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592]
-
-Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
-
----
- src/intset.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/intset.c b/src/intset.c
-index 1a64ecae8..9ba13898d 100644
---- a/src/intset.c
-+++ b/src/intset.c
-@@ -281,7 +281,7 @@ uint32_t intsetLen(const intset *is) {
-
- /* Return intset blob size in bytes. */
- size_t intsetBlobLen(intset *is) {
-- return sizeof(intset)+intrev32ifbe(is->length)*intrev32ifbe(is->encoding);
-+ return sizeof(intset)+(size_t)intrev32ifbe(is->length)*intrev32ifbe(is->encoding);
- }
-
- /* Validate the integrity of the data structure.
---
-2.32.0
-
|