Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
- 1.15.0
Description
Redis recently implemented a response to a CVE which allows for unauthenticated users to craft RESP requests which consume a lot of memory. Our implementation suffers from the same problem.
For example, a command input starting with `*<MAX_INT>` would result in the JVM trying to allocate an array of size `MAX_INT`.
We need to be able to provide the same safeguards as Redis does.
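The safeguard described above, as an added Java example (not code from this project or from Redis): the declared array count is checked against a cap while it is being parsed, before any array is sized from it. The class name, method name and both cap values are assumptions made for this sketch, and it treats an incomplete header as an error where a streaming server would wait for more bytes.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class RespArrayHeaderGuard {
  // Assumed caps for this sketch; the issue does not state which values to use.
  static final int MAX_ARGS_UNAUTHENTICATED = 10;
  static final int MAX_ARGS_AUTHENTICATED = 1024 * 1024;

  /** Parses "*<count>\r\n" and returns a bounded count, or throws before anything is allocated. */
  static int readArrayCount(ByteBuffer in, boolean authenticated) {
    if (!in.hasRemaining() || in.get() != '*') {
      throw new IllegalArgumentException("expected RESP array header");
    }
    int limit = authenticated ? MAX_ARGS_AUTHENTICATED : MAX_ARGS_UNAUTHENTICATED;
    long count = 0;
    int digits = 0;
    while (in.hasRemaining()) {
      byte b = in.get();
      if (b == '\r') {
        if (digits == 0 || !in.hasRemaining() || in.get() != '\n') {
          throw new IllegalArgumentException("malformed array header");
        }
        return (int) count; // safe cast: count <= limit <= Integer.MAX_VALUE
      }
      if (b < '0' || b > '9') { // also rejects a leading '-' (negative counts)
        throw new IllegalArgumentException("non-digit in array count");
      }
      count = count * 10 + (b - '0');
      digits++;
      // Check after every digit so a long digit string can never overflow the accumulator.
      if (count > limit) {
        throw new IllegalArgumentException("array count exceeds limit of " + limit);
      }
    }
    throw new IllegalArgumentException("incomplete array header");
  }

  public static void main(String[] args) {
    // Constructed inputs: an ordinary three-element header and the oversized one from the issue.
    String[] samples = {"*3\r\n", "*" + Integer.MAX_VALUE + "\r\n"};
    for (String s : samples) {
      ByteBuffer buf = ByteBuffer.wrap(s.getBytes(StandardCharsets.US_ASCII));
      try {
        byte[][] argv = new byte[readArrayCount(buf, false)][]; // sized only after the check
        System.out.println("accepted, slots allocated: " + argv.length);
      } catch (IllegalArgumentException e) {
        System.out.println("rejected: " + e.getMessage());
      }
    }
  }
}
```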