[ https://issues.apache.org/jira/browse/GEODE-9676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jens Deppe resolved GEODE-9676.
-------------------------------
    Fix Version/s: 1.15.0
         Assignee: Jens Deppe
       Resolution: Fixed

> Limit Radish RESP bulk input sizes for unauthenticated connections
> ------------------------------------------------------------------
>
>                 Key: GEODE-9676
>                 URL: https://issues.apache.org/jira/browse/GEODE-9676
>             Project: Geode
>          Issue Type: Improvement
>          Components: redis
>    Affects Versions: 1.15.0
>            Reporter: Jens Deppe
>            Assignee: Jens Deppe
>            Priority: Major
>              Labels: pull-request-available, redis
>             Fix For: 1.15.0
>
>
> Redis recently implemented a response to a CVE which allows for
> unauthenticated users to craft RESP requests which consume a lot of memory.
> Our implementation suffers from the same problem.
> For example, a command input starting with `*<MAX_INT>` would result in the
> JVM trying to allocate an array of size `MAX_INT`.
> We need to be able to provide the same safeguards as Redis does.
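
The safeguard the issue asks for, as an added example that is not Geode's or Redis's code: the declared RESP array (`*`) or bulk (`$`) length is checked against a per-connection limit before the JVM allocates anything. The class name, method name and all four limit values are assumptions chosen for illustration, and the header strings in `main` are constructed samples.

```java
public class RespHeaderGuard {
  // Assumed limits for illustration only; not taken from the issue or from Geode.
  static final int UNAUTH_MAX_ARRAY_ELEMENTS = 10;
  static final int UNAUTH_MAX_BULK_BYTES = 16 * 1024;
  static final int AUTH_MAX_ARRAY_ELEMENTS = 1024 * 1024;
  static final int AUTH_MAX_BULK_BYTES = 512 * 1024 * 1024;

  /**
   * Validates a RESP header line such as "*3" or "$5" (CRLF already stripped)
   * and returns the declared size only if it is within the connection's limit.
   */
  static int checkedLength(String header, boolean authenticated) {
    if (header.length() < 2) {
      throw new IllegalArgumentException("header too short");
    }
    int limit;
    switch (header.charAt(0)) {
      case '*': limit = authenticated ? AUTH_MAX_ARRAY_ELEMENTS : UNAUTH_MAX_ARRAY_ELEMENTS; break;
      case '$': limit = authenticated ? AUTH_MAX_BULK_BYTES : UNAUTH_MAX_BULK_BYTES; break;
      default: throw new IllegalArgumentException("not an array or bulk header");
    }
    long declared;
    try {
      // Parse as long so a value above Integer.MAX_VALUE is rejected, not wrapped.
      declared = Long.parseLong(header.substring(1));
    } catch (NumberFormatException e) {
      throw new IllegalArgumentException("length is not a number", e);
    }
    if (declared < 0 || declared > limit) {
      throw new IllegalArgumentException("declared length " + declared + " exceeds limit " + limit);
    }
    return (int) declared;
  }

  public static void main(String[] args) {
    // Constructed sample headers, treated as coming from an unauthenticated connection.
    String[] samples = {"*3", "$5", "*2147483647", "$1073741824", "*-7", "*99999999999999999999"};
    for (String h : samples) {
      try {
        int n = checkedLength(h, false);
        // Allocation happens only after the size has passed the check.
        Object buffer = (h.charAt(0) == '*') ? new byte[n][] : new byte[n];
        System.out.println(h + " -> accepted, allocated for " + n);
      } catch (IllegalArgumentException e) {
        System.out.println(h + " -> rejected: " + e.getMessage());
      }
    }
  }
}
```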