OESA-2021-1221

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1221
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1221.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1221
Upstream
Published
2021-06-12T11:02:57Z
Modified
2025-08-12T05:08:04.292639Z
Summary
redis security update
Details

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets.

Security Fix(es):

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.(CVE-2021-29478)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / redis

Package

Name
redis
Purl
pkg:rpm/openEuler/redis&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.11-15.oe1

Ecosystem specific 

{
    "src": [
        "redis-4.0.11-15.oe1.src.rpm"
    ],
    "x86_64": [
        "redis-4.0.11-15.oe1.x86_64.rpm",
        "redis-debugsource-4.0.11-15.oe1.x86_64.rpm",
        "redis-debuginfo-4.0.11-15.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "redis-debuginfo-4.0.11-15.oe1.aarch64.rpm",
        "redis-4.0.11-15.oe1.aarch64.rpm",
        "redis-debugsource-4.0.11-15.oe1.aarch64.rpm"
    ]
}