[ https://issues.apache.org/jira/browse/GEODE-9676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Owen Nichols closed GEODE-9676.
-------------------------------

> Limit Radish RESP bulk input sizes for unauthenticated connections
> ------------------------------------------------------------------
>
>                 Key: GEODE-9676
>                 URL: https://issues.apache.org/jira/browse/GEODE-9676
>             Project: Geode
>          Issue Type: Improvement
>          Components: redis
>    Affects Versions: 1.15.0
>            Reporter: Jens Deppe
>            Assignee: Jens Deppe
>            Priority: Major
>              Labels: pull-request-available, redis
>             Fix For: 1.15.0
>
>
> Redis recently implemented a response to a CVE which allows for 
> unauthenticated users to craft RESP requests which consume a lot of memory. 
> Our implementation suffers from the same problem.
> For example, a command input starting with `*<MAX_INT>` would result in the 
> JVM trying to allocate an array of size `MAX_INT`. 
> We need to be able to provide the same safeguards as Redis does.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
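
The check the issue description asks for, sketched as an added example; this is not Geode's code or the committed fix. The class name, method names and all four limit values are assumptions made for illustration, since the issue does not state which limits to apply.

```java
import java.nio.charset.StandardCharsets;
public class RespHeaderLimits {
  // Assumed limits for this sketch; the issue does not state the values to use.
  static final long UNAUTH_MAX_ARRAY = 10, UNAUTH_MAX_BULK = 16 * 1024;
  static final long AUTH_MAX_ARRAY = 1 << 20, AUTH_MAX_BULK = 512L << 20;

  // Reads the decimal length that follows the '*' or '$' type byte, up to CRLF.
  static long parseLength(byte[] in) {
    long value = 0;
    int i = 1;
    for (; i < in.length && in[i] != '\r'; i++) {
      // At most 10 digits are accepted, so the value cannot overflow a long.
      if (in[i] < '0' || in[i] > '9' || i > 10) throw new IllegalArgumentException("malformed RESP length");
      value = value * 10 + (in[i] - '0');
    }
    if (i == 1 || i + 1 >= in.length || in[i + 1] != '\n') throw new IllegalArgumentException("malformed RESP length");
    return value;
  }

  // Unhardened shape described in the issue: the array size comes straight off the wire.
  // Not called from main; "*2147483647\r\n" makes it request a MAX_INT-element array.
  static byte[][] allocateUnchecked(byte[] in) {
    return new byte[(int) parseLength(in)][];
  }

  // Hardened shape: compare the announced length with the connection's limit before allocating.
  static int checkedLength(byte[] in, boolean authenticated) {
    if (in.length == 0 || (in[0] != '*' && in[0] != '$')) throw new IllegalArgumentException("not a RESP array or bulk header");
    boolean array = in[0] == '*';
    long limit = authenticated ? (array ? AUTH_MAX_ARRAY : AUTH_MAX_BULK)
        : (array ? UNAUTH_MAX_ARRAY : UNAUTH_MAX_BULK);
    long n = parseLength(in);
    if (n > limit) throw new IllegalStateException("RESP length " + n + " exceeds limit " + limit);
    return (int) n;
  }

  public static void main(String[] args) {
    String[] headers = {"*3\r\n", "$16385\r\n", "*2147483647\r\n"}; // constructed inputs
    for (String h : headers) {
      for (boolean auth : new boolean[] {false, true}) {
        try {
          int n = checkedLength(h.getBytes(StandardCharsets.US_ASCII), auth);
          System.out.println(h.trim() + " auth=" + auth + " -> accepted, length " + n);
        } catch (RuntimeException e) {
          System.out.println(h.trim() + " auth=" + auth + " -> rejected: " + e.getMessage());
        }
      }
    }
  }
}
```

The limit is checked on the parsed header alone, so an oversized request is rejected before any buffer for its elements or payload is allocated.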