Lucene search

Veracode Vulnerability DatabaseVERACODE:30354

HistoryMay 06, 2021 - 4:01 a.m.

Remote Code Execution (RCE)

2021-05-0604:01:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

76.7%

redis is vulnerable to remote code execution. The vulnerability exists due to an integer overflow bug which could corrupt the memory heap.

CPENameOperatorVersion
redis:sideq5:6.0.9-1
redis:bullseyeeq5:6.0.9-1
redis:sideq5:6.0.9-1
redis:bullseyeeq5:6.0.9-1

Name	Operator	Version
redis:sid	eq	5:6.0.9-1
redis:bullseye	eq	5:6.0.9-1
redis:sid	eq	5:6.0.9-1
redis:bullseye	eq	5:6.0.9-1

References

github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3

lists.fedoraproject.org/archives/list/[email protected]/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/

lists.fedoraproject.org/archives/list/[email protected]/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/

redis.io/

security-tracker.debian.org/tracker/CVE-2021-29478

security.gentoo.org/glsa/202107-20

0.005 Low

EPSS

Percentile

76.7%

Related for VERACODE:30354