CVE-2021-3470
CVE-2021-3470 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. EPSS estimates a 1.14% chance of exploitation in the next 30 days.
Description
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Redislabs | Redis | < 5.0.10 | — |
| Redislabs | Redis | >= 6.0.0, < 6.0.9 | — |
| Redislabs | Redis | 6.2.0 | Rc1 |
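To turn the version ranges in the table and the allocator condition in the description into a check a defender can run over `redis-cli INFO` output, here is an added Python example (not part of the NVD record or of Redis itself). It assumes the `redis_version` and `mem_allocator` INFO fields and that 6.2.0 release candidates report an interim 6.1.x version number.

```python
"""Assess whether a Redis instance is exposed to CVE-2021-3470 from its INFO output."""
import re
from typing import Dict, Tuple

# INFO memory reports the allocator as "jemalloc-x.y.z" or "libc" (the system
# malloc, i.e. glibc on Linux); anything else is the unusual build the record describes.
SAFE_ALLOCATORS = ("jemalloc", "libc")

def parse_version(text: str) -> Tuple[int, ...]:
    """'6.0.8' -> (6, 0, 8); trailing non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])

def version_affected(version: str) -> bool:
    """Ranges from the record: < 5.0.10, 6.0.0 <= v < 6.0.9, and 6.2.0 pre-releases.
    Assumption: 6.2.0 release candidates report an interim 6.1.x version number."""
    v = parse_version(version)
    if not v:  # no version in the output: cannot assess, so do not flag
        return False
    return v < (5, 0, 10) or (6, 0, 0) <= v < (6, 0, 9) or (6, 1, 0) <= v < (6, 2, 0)

def parse_info(info: str) -> Dict[str, str]:
    """Parse the key:value lines of redis-cli INFO output, skipping '# Section' headers."""
    fields: Dict[str, str] = {}
    for line in info.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            fields[key] = value
    return fields

def assess(info: str) -> Dict[str, object]:
    """Both conditions must hold: an affected version AND a non-jemalloc, non-libc allocator."""
    fields = parse_info(info)
    version = fields.get("redis_version", "")
    allocator = fields.get("mem_allocator", "")
    vulnerable_version = version_affected(version)
    unusual_allocator = not allocator.startswith(SAFE_ALLOCATORS)
    return {
        "version": version,
        "allocator": allocator,
        "vulnerable_version": vulnerable_version,
        "unusual_allocator": unusual_allocator,
        "exposed": vulnerable_version and unusual_allocator,
    }

# Constructed sample INFO excerpts (not captured from a real server).
SAMPLE_TCMALLOC = "# Server\r\nredis_version:6.0.8\r\n# Memory\r\nmem_allocator:tcmalloc-2.7\r\n"
SAMPLE_JEMALLOC = "# Server\r\nredis_version:6.0.8\r\n# Memory\r\nmem_allocator:jemalloc-5.1.0\r\n"
```

Pipe the output of `redis-cli INFO server` and `redis-cli INFO memory` into `assess()`; an instance is only flagged when both the version and the allocator match the record.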
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1943623 (Issue Tracking, Patch, Third Party Advisory)
Source: NVD / NIST
