CVE-2021-31294

EUVD-2021-18204
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
redisredis
𝑥
< 6.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
redis
bookworm
5:7.0.15-1~deb12u1
fixed
bookworm (security)
5:7.0.15-1~deb12u1
fixed
bullseye
ignored
bullseye (security)
vulnerable
buster
no-dsa
sid
5:7.0.15-2
fixed
trixie
5:7.0.15-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
redis
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
not-affected
noble
not-affected
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48
https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f
https://github.com/redis/redis/issues/8712
https://security.netapp.com/advisory/ntap-20230814-0007/
https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48
https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f
https://github.com/redis/redis/issues/8712
https://security.netapp.com/advisory/ntap-20230814-0007/