Redis · Redis · CVE-2021-29477
**Name of the Vulnerable Software and Affected Versions**
Redis versions 6.0 through 6.2.2
Redis versions 6.0 through 6.0.12
**Description**
An integer overflow bug in Redis can be exploited using the `STRALGO LCS` command to corrupt the heap, potentially resulting in remote code execution. This can allow a remote attacker to execute arbitrary code.
**Recommendations**
For Redis versions 6.0 through 6.2.2, update to version 6.2.3 or later.
For Redis versions 6.0 through 6.0.12, update to version 6.0.13 or later.
As a temporary workaround, consider using ACL configuration to prevent clients from using the `STRALGO LCS` command until a patch is applied.
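The following is an added example, not part of the original advisory or the Redis project: it checks a reported `redis_version` against the ranges above and reads `ACL LIST` output to find enabled users who can still call `STRALGO`, returning the `ACL SETUSER` commands that apply the workaround. The sample ACL lines are constructed. Two things are assumptions: the category set used for `STRALGO`, and judging 6.0.x builds against 6.0.13 where the two stated ranges overlap.

```python
# Added example: audit a Redis instance for CVE-2021-29477 exposure.
# Assumption: STRALGO belongs to these ACL categories in Redis 6.x.
STRALGO_CATEGORIES = {"@all", "@read", "@string", "@slow"}

SAMPLE_ACL_LIST = [  # constructed ACL LIST output, hashes are placeholders
    "user default on nopass ~* &* +@all",
    "user app on #<sha256> ~app:* +@all -stralgo",
    "user metrics on #<sha256> ~* -@all +info +ping",
    "user batch off #<sha256> ~* +@all",
    "user reader on #<sha256> ~* -@all +@read",
]

def fixed_release(version):
    """Return the release to update to, or None if outside the affected ranges."""
    v = tuple(int(p) for p in version.split(".")[:3])
    if v[:2] == (6, 0):  # assumption: 6.0.x is judged against 6.0.13
        return "6.0.13" if v < (6, 0, 13) else None
    if (6, 0, 0) <= v <= (6, 2, 2):
        return "6.2.3"
    return None

def can_run_stralgo(rules):
    """Apply ACL command rules left to right; the last matching rule wins."""
    allowed = False
    for rule in (r.lower() for r in rules):
        rule = {"allcommands": "+@all", "nocommands": "-@all"}.get(rule, rule)
        if rule[0] not in "+-":
            continue  # flags, passwords, key and channel patterns
        name = rule[1:]
        if name in STRALGO_CATEGORIES or name.split("|")[0] == "stralgo":
            allowed = rule[0] == "+"
    return allowed

def audit(version, acl_lines):
    """Return (fixed release or None, ACL commands applying the workaround)."""
    target = fixed_release(version)
    if target is None:
        return None, []
    fixes = []
    for line in acl_lines:
        tok = line.split()
        enabled = len(tok) >= 3 and tok[0] == "user" and "off" not in tok[2:]
        if enabled and can_run_stralgo(tok[2:]):
            fixes.append(f"ACL SETUSER {tok[1]} -stralgo")
    return target, fixes

if __name__ == "__main__":
    print(audit("6.2.1", SAMPLE_ACL_LIST))
```

After running the returned commands, persist them with `ACL SAVE` (when an ACL file is configured) or `CONFIG REWRITE`, otherwise the rule is lost on restart.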