Bug 1184889 (CVE-2021-3470)

Summary: VUL-0: CVE-2021-3470: redis: potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/280601/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexandros Toptsoglou 2021-04-16 13:58:10 UTC
CVE-2021-3470

When using a system with no malloc_usable_size(), zmalloc_size() assumed that the heap allocator always returns blocks that are long-padded. This may not always be the case, and will result in zmalloc_size() returning a size that is bigger than allocated. At least in one case this leads to an out-of-bounds write, a process crash and a potential security vulnerability. Effectively this does not affect the vast majority of users, who use jemalloc or glibc.

Upstream pull request:
https://github.com/redis/redis/pull/7963

Upstream commit:
https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95

Release notes:
https://raw.githubusercontent.com/redis/redis/5.0.10/00-RELEASENOTES
https://raw.githubusercontent.com/redis/redis/6.0.9/00-RELEASENOTES

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1943623
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3470
https://access.redhat.com/security/cve/CVE-2021-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3470
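
A simplified model of the size bookkeeping described in the report above, added here as an example (it is not Redis's zmalloc code and not taken from the upstream commit). The names `hdr_alloc`, `size_assume_padded`, `size_exact` and `overreport` are hypothetical; the block measures how many bytes a size query that assumes long-padding reports beyond what was actually requested from malloc().

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

#define PREFIX sizeof(size_t)   /* header that records the requested size */

/* Allocate n usable bytes and remember n in a header in front of them. */
void *hdr_alloc(size_t n) {
    size_t *real = malloc(n + PREFIX);
    if (!real) return NULL;
    *real = n;
    return (char *)real + PREFIX;
}

void hdr_free(void *p) { if (p) free((char *)p - PREFIX); }

/* Bytes actually requested from malloc() for this block, header included. */
size_t hdr_requested(const void *p) {
    return *(const size_t *)((const char *)p - PREFIX) + PREFIX;
}

/* Size query WITH the assumption: round the payload up to sizeof(long),
 * trusting the allocator to have padded the block that far. */
size_t size_assume_padded(const void *p) {
    size_t n = hdr_requested(p) - PREFIX;
    size_t rem = n & (sizeof(long) - 1);
    if (rem) n += sizeof(long) - rem;
    return n + PREFIX;
}

/* Size query WITHOUT the assumption: report only what was recorded. */
size_t size_exact(const void *p) { return hdr_requested(p); }

/* Bytes by which a size query over-reports for a request of n bytes. */
size_t overreport(size_t n, size_t (*query)(const void *)) {
    void *p = hdr_alloc(n);
    if (!p) return (size_t)-1;
    size_t extra = query(p) - hdr_requested(p);
    hdr_free(p);
    return extra;
}

int main(void) {
    for (size_t n = 1; n <= 2 * sizeof(long); n++)
        printf("request %2zu: padded +%zu, exact +%zu\n", n,
               overreport(n, size_assume_padded), overreport(n, size_exact));
    return 0;
}
```

The extra bytes reported by `size_assume_padded` are only backed by real memory if the underlying allocator happens to pad; a caller that treats the reported size as writable depends on that behaviour.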

Comment 1 Alexandros Toptsoglou 2021-04-16 13:59:03 UTC
We ship the version 6.0.10 which is not affected.