CVE-2021-31294
N/A
N/A
Summary
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/redis/redis/issues/8712
- https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f
- https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48
- https://security.netapp.com/advisory/ntap-20230814-0007/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/redis/redis/issues/8712
- https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f
- https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48
- https://security.netapp.com/advisory/ntap-20230814-0007/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.