CVE-2021-31294
Denial of Service vulnerability in redis (PyPI)
What is CVE-2021-31294 About?
This denial of service vulnerability in the Redis server before commit 6cbea7d allows a replica to trigger an assertion failure in its primary by sending a non-administrative command (`SET`) over the replication link. The assertion aborts the process, so the impact is a crash of the primary. Exploitation requires control of a replica that the primary already accepts, since the malformed traffic has to arrive on an established replication connection.
Affected Software
- redis
  - <6.2.0
  - <46f4ebbe842620f0976a36741a72482620aa4b48
Technical Details
A Redis replica normally sends only replication housekeeping traffic (for example `REPLCONF` acknowledgements) back to its primary. Before commit 6cbea7d, if a replica instead sent a non-administrative command such as `SET`, the primary reached a state its replication code did not expect and hit an internal assertion. Redis assertions exist to catch logic errors that must never happen in production, so on failure the server logs a bug report and aborts rather than continuing; the primary process therefore terminates and every client of that primary loses service. The attack vector is a replica under attacker control, or a host able to impersonate one, manipulating the traffic it sends to the primary.
What is the Impact of CVE-2021-31294?
Successful exploitation may allow attackers to cause a primary server to crash, leading to a denial of service.
What is the Exploitability of CVE-2021-31294?
Exploitation is of moderate complexity. The attacker does not need an ordinary client credential on the primary; what they need is a replica the primary has accepted into its replication topology, either by compromising an existing replica or by being able to register one (which means passing `masterauth` if the primary has `requirepass` set, and being reachable on the replication port). The attack therefore originates from inside the replication path rather than from arbitrary clients, and the decisive prerequisite is the ability to send a non-administrative command like `SET` down that link. The fix is in the Redis server, not in client libraries: commit 46f4ebbe (see the fix list below) shipped in Redis 6.2.0, so any primary running an earlier release with replicas attached should be upgraded. Until then, restricting which hosts can reach the primary's port and requiring `masterauth` for replicas narrows who can stand up a replica at all.
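The following script is an added example, not code from this advisory or from the Redis project. It assesses a primary's exposure along the two axes the exploitability discussion above turns on: whether the server version predates the 6.2.0 fix listed on this page, and whether the server is acting as a primary with replicas attached. It parses the plain-text output of `INFO server` and `INFO replication` (the `redis_version`, `role` and `slaveN` fields are standard Redis INFO output) and includes a minimal RESP client so it can be pointed at a live host; the sample INFO texts, hostnames and the `fetch_info`/`assess` helper names are constructed for illustration.

```python
"""Exposure check for CVE-2021-31294: old version + primary role + attached replicas.

Added example for this advisory; not Redis project code. The 6.2.0 threshold
is taken from the advisory's own fix list. Sample INFO output below is
constructed, not captured from a real deployment.
"""
import re
import socket
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = (6, 2, 0)  # first release the advisory lists as fixed


def encode_command(*parts: str) -> bytes:
    """Encode a command as a RESP array of bulk strings, e.g. INFO replication."""
    out = [f"*{len(parts)}\r\n".encode()]
    for part in parts:
        raw = part.encode()
        out.append(f"${len(raw)}\r\n".encode() + raw + b"\r\n")
    return b"".join(out)


def _read_reply(fp) -> Optional[str]:
    """Read one RESP reply: simple string (+), error (-) or bulk string ($)."""
    line = fp.readline()
    if not line.endswith(b"\r\n"):
        raise ConnectionError("connection closed before a full reply arrived")
    kind, body = line[:1], line[1:-2]
    if kind == b"+":
        return body.decode()
    if kind == b"-":
        raise RuntimeError("server error: " + body.decode())
    if kind == b"$":
        length = int(body)
        if length < 0:
            return None
        return fp.read(length + 2)[:-2].decode()
    raise ValueError(f"unexpected reply type {kind!r}")


def fetch_info(host: str, port: int = 6379, password: Optional[str] = None,
               timeout: float = 5.0) -> str:
    """Fetch INFO server + INFO replication from a live server (network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        fp = sock.makefile("rb")
        if password:
            sock.sendall(encode_command("AUTH", password))
            _read_reply(fp)
        sock.sendall(encode_command("INFO", "server"))
        server_info = _read_reply(fp) or ""
        sock.sendall(encode_command("INFO", "replication"))
        repl_info = _read_reply(fp) or ""
    return server_info + repl_info


def parse_info(text: str) -> Dict[str, str]:
    """Turn INFO output ('# Section' headers, key:value lines) into a dict."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value
    return fields


def parse_version(version: str) -> Tuple[int, ...]:
    """'6.0.10' -> (6, 0, 10); ignores suffixes such as '-rc1'."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def parse_replicas(fields: Dict[str, str]) -> List[Tuple[str, int, str]]:
    """Collect slaveN entries of the form 'ip=...,port=...,state=...,...'."""
    replicas = []
    for key in sorted(k for k in fields if re.fullmatch(r"slave\d+", k)):
        attrs = dict(item.split("=", 1) for item in fields[key].split(",") if "=" in item)
        replicas.append((attrs.get("ip", ""), int(attrs.get("port", "0")), attrs.get("state", "")))
    return replicas


def assess(info_text: str) -> dict:
    """Report version exposure and whether replicas can reach this server as their primary."""
    fields = parse_info(info_text)
    version = parse_version(fields.get("redis_version", "0"))
    role = fields.get("role", "unknown")
    replicas = parse_replicas(fields)
    vulnerable_version = version < FIXED_VERSION
    return {
        "version": version,
        "role": role,
        "replicas": replicas,
        "vulnerable_version": vulnerable_version,
        # A replica-only instance is not crashable via this bug; it has no replicas sending to it.
        "exposed": vulnerable_version and role == "master" and bool(replicas),
    }


# Constructed sample INFO output (not real capture data).
SAMPLE_PRIMARY_OLD = (
    "# Server\r\nredis_version:6.0.10\r\nredis_mode:standalone\r\n\r\n"
    "# Replication\r\nrole:master\r\nconnected_slaves:2\r\n"
    "slave0:ip=10.0.0.11,port=6379,state=online,offset=4104,lag=0\r\n"
    "slave1:ip=10.0.0.12,port=6379,state=online,offset=4104,lag=1\r\n"
)
SAMPLE_PRIMARY_FIXED = SAMPLE_PRIMARY_OLD.replace("6.0.10", "6.2.0")
SAMPLE_REPLICA_OLD = (
    "# Server\r\nredis_version:6.0.10\r\n\r\n"
    "# Replication\r\nrole:slave\r\nmaster_host:10.0.0.1\r\nmaster_port:6379\r\n"
)

if __name__ == "__main__":
    for name, text in (("old primary", SAMPLE_PRIMARY_OLD),
                       ("fixed primary", SAMPLE_PRIMARY_FIXED),
                       ("old replica", SAMPLE_REPLICA_OLD)):
        print(name, assess(text))
```

Run it against a live host with `assess(fetch_info("redis-primary.internal", password="..."))`; `exposed` is only true when all three conditions hold, so a 6.0.x instance with no replicas is a version hygiene problem but not a crash target for this bug.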
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2021-31294?
Available Upgrade Options
- redis
  - <46f4ebbe842620f0976a36741a72482620aa4b48 → Upgrade to 46f4ebbe842620f0976a36741a72482620aa4b48
  - <6.2.0 → Upgrade to 6.2.0
Additional Resources
- https://github.com/redis/redis/issues/8712
- https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f
- https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48
- https://osv.dev/vulnerability/PYSEC-2023-312
- https://security.netapp.com/advisory/ntap-20230814-0007/
What are Similar Vulnerabilities to CVE-2021-31294?
Similar Vulnerabilities: CVE-2022-24838, CVE-2018-7225, CVE-2017-10903, CVE-2017-8395, CVE-2016-8339
