Candidate: CVE-2021-3470
PublicDate: 2021-03-31 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3470
 https://github.com/redis/redis/pull/7963
 https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95
 https://bugzilla.redhat.com/show_bug.cgi?id=1943623
Description:
 A heap overflow issue was found in Redis in versions before 5.0.10, before
 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or
 glibc's malloc, leading to potential out of bound write or process crash.
 Effectively this flaw does not affect the vast majority of users, who use
 jemalloc or glibc malloc.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM]


Patches_redis:
upstream_redis: released (5:6.0.9-1)
precise/esm_redis: DNE
trusty_redis: ignored (out of standard support)
trusty/esm_redis: needs-triage
xenial_redis: ignored (end of standard support, was needs-triage)
bionic_redis: needs-triage
focal_redis: needs-triage
groovy_redis: ignored (reached end-of-life)
hirsute_redis: not-affected (5:6.0.11-1)
impish_redis: not-affected (5:6.0.11-1)
jammy_redis: not-affected (5:6.0.11-1)
devel_redis: not-affected (5:6.0.11-1)