Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-41099
HistoryOct 04, 2021 - 12:00 a.m.

CVE-2021-41099

2021-10-0400:00:00
ubuntu.com
ubuntu.com
11

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.4%

Redis is an open source, in-memory database that persists on disk. An
integer overflow bug in the underlying string library can be used to
corrupt the heap and potentially result with denial of service or remote
code execution. The vulnerability involves changing the default
proto-max-bulk-len configuration parameter to a very large value and
constructing specially crafted network payloads or commands. The problem is
fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround
to mitigate the problem without patching the redis-server executable is to
prevent users from modifying the proto-max-bulk-len configuration
parameter. This can be done using ACL to restrict unprivileged users from
using the CONFIG SET command.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchredis< 5:5.0.7-2ubuntu0.1+esm1UNKNOWN
ubuntu18.04noarchredis< 5:4.0.9-1ubuntu0.2+esm3UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.4%