OESA-2021-1172

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1172

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1172.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2021-1172

Upstream

CVE-2021-3470

Published

2021-05-06T11:02:52Z

Modified

2025-09-03T06:17:28.912719Z

Summary

redis security update

Details

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets.

Security Fix(es):

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.(CVE-2021-3470)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / redis

Package

Name: redis
Purl: pkg:rpm/openEuler/redis&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.11-14.oe1

Ecosystem specific

{
    "x86_64": [
        "redis-debugsource-4.0.11-14.oe1.x86_64.rpm",
        "redis-debuginfo-4.0.11-14.oe1.x86_64.rpm",
        "redis-4.0.11-14.oe1.x86_64.rpm"
    ],
    "src": [
        "redis-4.0.11-14.oe1.src.rpm"
    ],
    "aarch64": [
        "redis-4.0.11-14.oe1.aarch64.rpm",
        "redis-debugsource-4.0.11-14.oe1.aarch64.rpm",
        "redis-debuginfo-4.0.11-14.oe1.aarch64.rpm"
    ]
}