CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 38.7%

A heap overflow issue was found in Redis in versions before 5.0.10, before
6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or
glibc’s malloc, leading to a potential out-of-bounds write or process crash.
Effectively this flaw does not affect the vast majority of users, who use
jemalloc or glibc malloc.
bugzilla.redhat.com/show_bug.cgi?id=1943623
github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95
github.com/redis/redis/pull/7963
launchpad.net/bugs/cve/CVE-2021-3470
nvd.nist.gov/vuln/detail/CVE-2021-3470
security-tracker.debian.org/tracker/CVE-2021-3470
www.cve.org/CVERecord?id=CVE-2021-3470