The sdsnewlen and sdsMakeRoomFor function implemented in sds.c is quite similiar to those in the redis. Thus, it's very likely that this integer overflow in CVE-2021-21309 also affects webdis.
Here is the patch for CVE-2021-21309 for your reference if this issue needs to be fixed.
The
sdsnewlen
andsdsMakeRoomFor
function implemented in sds.c is quite similiar to those in the redis. Thus, it's very likely that this integer overflow in CVE-2021-21309 also affects webdis. Here is the patch for CVE-2021-21309 for your reference if this issue needs to be fixed.