PT-2021-7834 · Redis+2
Mauro Matteo Cascella · Published 2021-03-31 · Updated 2023-07-07 · CVE-2021-3470
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Redis versions prior to 5.0.10
Redis versions prior to 6.0.9
Redis versions prior to 6.2.0
Description
A heap overflow issue was found in Redis when using a heap allocator other than jemalloc or glibc's malloc, leading to a potential out-of-bounds write or process crash. The vulnerability is related to the malloc function of the Redis database management system. This flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service.
Recommendations
For versions prior to 5.0.10, update to version 5.0.10 or later.
For versions prior to 6.0.9, update to version 6.0.9 or later.
For versions prior to 6.2.0, update to version 6.2.0 or later.
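A triage check for the conditions above, added here as an example and not taken from the advisory or from the Redis project: it reads the text of `redis-cli INFO` and classifies an instance by version and allocator. The function names and the sample input are constructed; reading the three "prior to" bounds as one per release line, and treating an allocator reported as `libc` as needing a manual check (INFO does not say which libc), are assumptions of this example.

```python
import re

# Constructed sample of INFO output (not captured from a real server).
SAMPLE_INFO = "# Server\r\nredis_version:6.0.8\r\n# Memory\r\nmem_allocator:libc\r\n"

def parse_info(text):
    """Turn 'key:value' lines of INFO output into a dict, skipping '# Section' lines."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            fields[key] = value
    return fields

def version_affected(version):
    """Apply the advisory's bounds: < 5.0.10, 6.0.x < 6.0.9, later pre-releases < 6.2.0."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised redis_version: %r" % version)
    v = tuple(int(x) for x in m.groups())
    if v < (5, 0, 10):
        return True
    if v < (6, 0, 0):
        return False              # 5.0.10 and later on the 5.x line
    if v < (6, 1, 0):
        return v < (6, 0, 9)      # 6.0 line
    return v < (6, 2, 0)          # builds between 6.0 and 6.2.0

def triage(info_text):
    """Return 'patched', 'not-exposed', 'verify-allocator' or 'exposed'."""
    info = parse_info(info_text)
    allocator = info.get("mem_allocator", "").lower()
    if not version_affected(info.get("redis_version", "")):
        return "patched"
    if allocator.startswith("jemalloc"):
        return "not-exposed"      # vulnerable version, but allocator is outside the flaw's scope
    if allocator in ("", "libc"):
        return "verify-allocator" # glibc is out of scope; other libc allocators are not
    return "exposed"              # any other named allocator

if __name__ == "__main__":
    print(triage(SAMPLE_INFO))
```

Instances reported as `not-exposed` still run a version the recommendations say to update.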
Fix
Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Redis