Redis `*BIT*` commands are vulnerable to an integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents, or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted bit commands.
|Product||Affected version||Unaffected version|
We recommend that users upgrade Redis to the latest version promptly.
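A configuration check for the precondition described above, as an added example that is not part of the original alert: it reads the text of a `redis.conf` and reports whether `proto-max-bulk-len` has been raised above the 512mb default. The function names and the sample configuration are constructed for illustration.

```python
import re

# Redis memory-size suffixes as documented at the top of redis.conf
# (1k = 1000 bytes, 1kb = 1024 bytes, and so on; units are case-insensitive).
UNITS = {"": 1, "b": 1, "k": 1000, "kb": 1024, "m": 1000**2, "mb": 1024**2,
         "g": 1000**3, "gb": 1024**3}
DEFAULT_MAX_BULK = 512 * 1024**2  # Redis default for proto-max-bulk-len (512mb)

def parse_size(text):
    """Convert a redis.conf size such as '512mb' or '2g' to bytes."""
    m = re.fullmatch(r"(\d+)([a-z]*)", text.strip().strip('"\'').lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def audit_proto_max_bulk_len(conf_text):
    """Return (effective_bytes, raised_above_default, line_no) for a config.

    Later directives override earlier ones, so the last occurrence wins.
    line_no is None when the directive is absent and the default applies.
    """
    effective, line_no = DEFAULT_MAX_BULK, None
    for n, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        if parts[0].lower() == "proto-max-bulk-len" and len(parts) >= 2:
            effective, line_no = parse_size(parts[1]), n
    return effective, effective > DEFAULT_MAX_BULK, line_no

# Constructed sample config, not taken from a real deployment.
SAMPLE_CONF = """\
# network
bind 127.0.0.1
proto-max-bulk-len 512mb
maxmemory 2gb
proto-max-bulk-len 4gb
"""

if __name__ == "__main__":
    size, raised, line_no = audit_proto_max_bulk_len(SAMPLE_CONF)
    status = "RAISED above default" if raised else "at or below default"
    print(f"proto-max-bulk-len = {size} bytes ({status}), line {line_no}")
```

A value changed at runtime with `CONFIG SET` does not appear in the file, so compare the result with `CONFIG GET proto-max-bulk-len` on the running instance.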
The post CVE-2021-32761: Redis remote code execution vulnerability alert appeared first on InfoTech News.