CVE-2021-31294

Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

History

14 Aug 2023, 19:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20230814-0007/ -

04 Aug 2023, 17:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 5.9

26 Jul 2023, 01:12

Type Values Removed Values Added
CPE cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-617
References (MISC) https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f - (MISC) https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f - Patch
References (MISC) https://github.com/redis/redis/issues/8712 - (MISC) https://github.com/redis/redis/issues/8712 - Exploit, Third Party Advisory
References (MISC) https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48 - (MISC) https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48 - Patch

15 Jul 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-15 23:15

Updated : 2024-02-05 00:01


NVD link : CVE-2021-31294

Mitre link : CVE-2021-31294

CVE.ORG link : CVE-2021-31294


JSON object : View

Products Affected

redis

  • redis
CWE
CWE-617

Reachable Assertion