CVE-2021-3470

CWE-119 — Buffer Overflow CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

5.3MEDIUM

EPSS

0.7%

top 28.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redislabs Redis

Timeline

PublishedMar 31

Latest updateMay 24

Description

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDredislabs/redis6.0.0 — 6.0.9+2

▶Debianredis< 5:6.0.9-1+3

▶CVEListV5redisredis 5.0.10, redis 6.0.9, redis 6.2.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-mqmr-8cxh-pqf6: A heap overflow issue was found in Redis in versions before 5↗2022-05-24

▶

OSV

CVE-2021-3470: A heap overflow issue was found in Redis in versions before 5↗2021-03-31

▶

CVEList

CVE-2021-3470: A heap overflow issue was found in Redis in versions before 5↗2021-03-31

▶

📋Vendor Advisories

Microsoft

A heap overflow issue was found in Redis in versions before 5.0.10 before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc leading to potential out of bound wri↗2021-03-09

▶

Debian

CVE-2021-3470: redis - A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9...↗2021

▶

Red Hat

redis: potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc↗2020-10-26

▶