Описание
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
A heap overflow issue was found in Redis when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc.
Отчет
The following products are not affected by this flaw because they use jemalloc as default heap allocator:
- Red Hat Enterprise Linux 8
- Red Hat Software Collections
- Red Hat Advanced Cluster Management for Kubernetes In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP redis package.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | redisgraph-tls | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | search-api | Not affected | ||
| Red Hat Ansible Automation Platform 1.2 | redis | Not affected | ||
| Red Hat Ansible Tower 3 | redis | Not affected | ||
| Red Hat Enterprise Linux 8 | redis:5/redis | Not affected | ||
| Red Hat Enterprise Linux 8 | redis:6/redis | Not affected | ||
| Red Hat Enterprise Linux 9 | redis | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | redis | Will not fix | ||
| Red Hat OpenStack Platform 13 (Queens) | redis | Will not fix | ||
| Red Hat Software Collections | rh-redis5-redis | Not affected |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
A heap overflow issue was found in Redis in versions before 5.0.10, be ...
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
5.3 Medium
CVSS3