CVE-2021-3470
Summary
| CVE | CVE-2021-3470 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-31 14:15:00 UTC |
| Updated | 2021-04-05 18:37:00 UTC |
| Description | A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to a potential out-of-bounds write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. |
Risk And Classification
Problem Types: CWE-787
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1943623 – (CVE-2021-3470) CVE-2021-3470 redis: potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180007 Debian Security Update for redis (CVE-2021-3470)
- 500599 Alpine Linux Security Update for redis
- 501486 Alpine Linux Security Update for redis
- 501774 Alpine Linux Security Update for redis
- 504353 Alpine Linux Security Update for redis
- 900251 CBL-Mariner Linux Security Update for redis 5.0.5
- 901765 Common Base Linux Mariner (CBL-Mariner) Security Update for redis (6852-1)
- 903620 Common Base Linux Mariner (CBL-Mariner) Security Update for redis (4039)