Ubuntu.comUB:CVE-2021-31294CVE-2021-31294
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
25.2%
Redis before 6cbea7d allows a replica to cause an assertion failure in a
primary server by sending a non-administrative command (specifically, a SET
command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions
before 6.2 were not intended to have safety guarantees related to this.
References
github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48
github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f
github.com/redis/redis/issues/8712
launchpad.net/bugs/cve/CVE-2021-31294
nvd.nist.gov/vuln/detail/CVE-2021-31294
security-tracker.debian.org/tracker/CVE-2021-31294
www.cve.org/CVERecord?id=CVE-2021-31294
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
25.2%