CVE-2021-31294
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-31294
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31294.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-31294
- Aliases
- Downstream
- Published
- 2023-07-15T23:15:09.203Z
- Modified
- 2025-11-20T11:44:26.467354Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
- References
Affected packages
Git / github.com/redis/redis
Affected ranges
- Type
- GIT
- Repo
- https://github.com/redis/redis
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
3.*
3.0-alpha0
6.*
6.2-rc1
6.2-rc2
6.2-rc3
6.2.0
6.2.1
6.2.2
v1.*
v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen
with-deprecated-diskstore
Database specific
vanir_signatures
[
{
"deprecated": false,
"target": {
"file": "src/server.c",
"function": "processCommand"
},
"digest": {
"length": 7030.0,
"function_hash": "282123370244413014246199029746729897148"
},
"id": "CVE-2021-31294-4649935c",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/server.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"276382160438463011791802486832098299543",
"81607497027349941400853452622911852480",
"174079452592190344646743064570921806917",
"22113432673264524511123880544413766800",
"159146439693756605255239566703403474960",
"308353159144754152971991578537313484920",
"215022253635914417357690862670091515120",
"68898065989528973432968670459207424448",
"145822087540847534025611738967447833776",
"75200904934883108131631146582879460284"
]
},
"id": "CVE-2021-31294-987a7952",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/server.c",
"function": "processCommand"
},
"digest": {
"length": 7030.0,
"function_hash": "282123370244413014246199029746729897148"
},
"id": "CVE-2021-31294-afd6e43e",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "src/server.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"276382160438463011791802486832098299543",
"81607497027349941400853452622911852480",
"174079452592190344646743064570921806917",
"22113432673264524511123880544413766800",
"159146439693756605255239566703403474960",
"308353159144754152971991578537313484920",
"215022253635914417357690862670091515120",
"68898065989528973432968670459207424448",
"145822087540847534025611738967447833776",
"75200904934883108131631146582879460284"
]
},
"id": "CVE-2021-31294-e9048c40",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48",
"signature_version": "v1"
}
]