Cyber Resilience

CVE-2021-29478

Severity: High
Published: 04 May 2021
Modified: 21 November 2024
KEV Added: not listed
Patch: available
CVSS v3.1 score: 7.5 (vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0234 (85.2nd percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-29478 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Redis, as packaged in Fedora (Fedora Project). Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 14.8% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Vulnerability details

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result in remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
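The ACL workaround above, written out as an added example (constructed here, not from the advisory or the Redis project): an ACL file that leaves CONFIG, and the rest of the `@dangerous` command category, to an operator account only, so an application account cannot lower `set-max-intset-entries`. User names and the password placeholders are assumptions; the file is loaded with the `aclfile` directive in redis.conf.

```conf
# users.acl (constructed example). Load with:  aclfile /etc/redis/users.acl
#
# Operator account: full command set, including CONFIG SET.
# Replace the placeholder with a real, strong password.
user admin on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all

# Application account: all keys and channels, all commands EXCEPT the
# @dangerous category. That category includes CONFIG, so this user
# cannot run CONFIG SET set-max-intset-entries (or any other CONFIG SET).
user app on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all -@dangerous

# Disable the default user so unauthenticated clients get no commands at all.
user default off
```

After loading the file, `ACL LIST` on the server shows each user's effective rules, and a `CONFIG SET` attempted as `app` is refused with a NOPERM error; this is a workaround only, and upgrading to 6.2.3 or later remains the fix.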

CWE(s)

CWE-190: Integer Overflow or Wraparound

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

redislabs / redis: 6.2.0 — 6.2.3
fedoraproject / fedora: 33, 34

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.