CVE-2021-29478

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

History

07 Nov 2023, 03:32

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/', 'name': 'FEDORA-2021-3b267a756c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/', 'name': 'FEDORA-2021-8b19c99d6a', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/ -

04 Jun 2022, 01:40

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202107-20 - Third Party Advisory

18 May 2021, 13:33

Type Values Removed Values Added
CPE cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 6.0
v3 : 8.8
References (MISC) https://redis.io/ - (MISC) https://redis.io/ - Product
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/ - Mailing List, Third Party Advisory
References (CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 - (CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/ - Mailing List, Third Party Advisory

12 May 2021, 18:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/ -

12 May 2021, 08:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/ -

04 May 2021, 17:27

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-04 16:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-29478

Mitre link : CVE-2021-29478

CVE.ORG link : CVE-2021-29478


JSON object : View

Products Affected

fedoraproject

  • fedora

redislabs

  • redis
CWE
CWE-190

Integer Overflow or Wraparound