CVE-2021-29478 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-29478 Interim 1 20 2025-02-17T00:44:25Z current 2021-05-30T14:49:30Z 2025-02-17T00:44:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-29478 Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2021-May/008787.html E-Mail link for SUSE-SU-2021:1652-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z32YY6DUIFNGIYRC6JPVBZ2WTPYN5SOY/ E-Mail link for openSUSE-SU-2021:0682-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Leap 15.2 openSUSE Tumbleweed redis-6.0.13-1.10.1 redis-6.0.13-lp152.2.3.1 redis-6.2.5-1.2 redis-6.2.6-150400.1.5 redis-6.0.13-1.10.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 redis-6.0.13-1.10.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 redis-6.2.6-150400.1.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 redis-6.0.13-lp152.2.3.1 as a component of openSUSE Leap 15.2 redis-6.2.5-1.2 as a component of openSUSE Tumbleweed Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command. CVE-2021-29478 SUSE Linux Enterprise Module for Server Applications 15 SP2:redis-6.0.13-1.10.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:redis-6.0.13-1.10.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:redis-6.2.6-150400.1.5 openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1 openSUSE Tumbleweed:redis-6.2.5-1.2 important 6 AV:N/AC:M/Au:S/C:P/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H