CVE-2021-31294
- Source
- https://cve.org/CVERecord?id=CVE-2021-31294
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31294.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-31294
- Aliases
- Downstream
- Published
- 2023-07-15T23:15:09.203Z
- Modified
- 2026-02-22T07:32:44.342079Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
- References
-
- https://github.com/redis/redis/issues/8712
- https://security.netapp.com/advisory/ntap-20230814-0007/
- https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48
- https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f
- https://github.com/redis/redis/issues/8712
Affected packages
Git / github.com/redis/redis
Affected ranges
- Type
- GIT
- Repo
- https://github.com/redis/redis
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
3.*
3.0-alpha0
6.*
6.2-rc1
6.2-rc2
6.2-rc3
6.2.0
6.2.1
6.2.2
v1.*
v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen
with-deprecated-diskstore
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31294.json"
vanir_signatures
[
{
"id": "CVE-2021-31294-4649935c",
"target": {
"function": "processCommand",
"file": "src/server.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48",
"digest": {
"function_hash": "282123370244413014246199029746729897148",
"length": 7030.0
},
"signature_type": "Function"
},
{
"id": "CVE-2021-31294-987a7952",
"target": {
"file": "src/server.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"276382160438463011791802486832098299543",
"81607497027349941400853452622911852480",
"174079452592190344646743064570921806917",
"22113432673264524511123880544413766800",
"159146439693756605255239566703403474960",
"308353159144754152971991578537313484920",
"215022253635914417357690862670091515120",
"68898065989528973432968670459207424448",
"145822087540847534025611738967447833776",
"75200904934883108131631146582879460284"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2021-31294-afd6e43e",
"target": {
"function": "processCommand",
"file": "src/server.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f",
"digest": {
"function_hash": "282123370244413014246199029746729897148",
"length": 7030.0
},
"signature_type": "Function"
},
{
"id": "CVE-2021-31294-e9048c40",
"target": {
"file": "src/server.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48",
"digest": {
"threshold": 0.9,
"line_hashes": [
"276382160438463011791802486832098299543",
"81607497027349941400853452622911852480",
"174079452592190344646743064570921806917",
"22113432673264524511123880544413766800",
"159146439693756605255239566703403474960",
"308353159144754152971991578537313484920",
"215022253635914417357690862670091515120",
"68898065989528973432968670459207424448",
"145822087540847534025611738967447833776",
"75200904934883108131631146582879460284"
]
},
"signature_type": "Line"
}
]