{"schema_version":"1.7.2","id":"OESA-2021-1172","modified":"2021-05-06T11:02:52Z","published":"2021-05-06T11:02:52Z","upstream":["CVE-2021-3470"],"summary":"redis security update","details":"Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc\u0026apos;s malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.(CVE-2021-3470)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"redis","purl":"pkg:rpm/openEuler/redis\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.11-14.oe1"}]}],"ecosystem_specific":{"aarch64":["redis-4.0.11-14.oe1.aarch64.rpm","redis-debugsource-4.0.11-14.oe1.aarch64.rpm","redis-debuginfo-4.0.11-14.oe1.aarch64.rpm"],"src":["redis-4.0.11-14.oe1.src.rpm"],"x86_64":["redis-debugsource-4.0.11-14.oe1.x86_64.rpm","redis-debuginfo-4.0.11-14.oe1.x86_64.rpm","redis-4.0.11-14.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1172"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3470"}],"database_specific":{"severity":"Medium"}}