{ "threat_severity" : "Moderate", "public_date" : "2023-07-15T00:00:00Z", "bugzilla" : { "description" : "redis: an assertion failure in a primary server by sending a non-administrative command", "id" : "2223393", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2223393" }, "cvss3" : { "cvss3_base_score" : "5.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "draft" }, "cwe" : "CWE-617", "details" : [ "Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.", "A flaw was found in the Redis package. If a replica sends a SET command to its master during a failover, the master crashes on assertion." ], "package_state" : [ { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp-backend-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp-system-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/search-api-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Ansible Automation Platform 1.2", "fix_state" : "Will not fix", "package_name" : "ansible-tower", "cpe" : "cpe:/a:redhat:ansible_automation_platform" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "redis:6/redis", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "redis", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "redis", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat OpenStack Platform 16.1", "fix_state" : "Not affected", "package_name" : "openstack-redis-base-container", "cpe" : "cpe:/a:redhat:openstack:16.1" }, { "product_name" : "Red Hat OpenStack Platform 16.1", "fix_state" : "Will not fix", "package_name" : "openstack-redis-container", "cpe" : "cpe:/a:redhat:openstack:16.1" }, { "product_name" : "Red Hat OpenStack Platform 17.0", "fix_state" : "Not affected", "package_name" : "openstack-redis-container", "cpe" : "cpe:/a:redhat:openstack:17.0" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "openstack-redis-container", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Not affected", "package_name" : "openstack-redis-container", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "satellite:el8/rubygem-gitlab-sidekiq-fetcher", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "tfm-rubygem-gitlab-sidekiq-fetcher", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-redis6-redis", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-31294\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-31294\nhttps://github.com/redis/redis/issues/8712" ], "name" : "CVE-2021-31294", "csaw" : false }