EDR: How to address Redis Server Heap Overflow Vulnerability QID 376213
Article ID: 289121
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Redis Server Heap Overflow Vulnerability QID 376213 covers two CVEs: CVE-2021-32675 and CVE-2021-32762.
Environment
EDR Server 7.5.x and Lower
Vulnerability scan flags the Redis version for QID 376213
Resolution
Both CVE-2021-32675 and CVE-2021-32762 are fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. Upgrade to EDR Server version 7.6.0 or higher, which applies the redis-6.0.16 version and resolves this issue.
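To confirm a scanner finding, or to verify the fix after upgrading, the reported Redis version can be compared against the fixed release of its branch. The script below is an added example, not part of the original article or of Carbon Black EDR; the function names are hypothetical, the sample line is constructed, and it assumes the standard `v=X.Y.Z` form of `redis-server --version` output. Branches the article does not list are reported as `unlisted`.

```shell
#!/bin/sh
# Fixed releases per branch, as stated in the article: 5.0.14, 6.0.16, 6.2.6.

# Extract "X.Y.Z" from `redis-server --version` output ("... v=6.0.16 sha=...").
parse_redis_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*v=\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print fixed / vulnerable / unlisted / invalid for a version X.Y.Z.
# Return code: 0 fixed, 1 vulnerable, 2 branch not listed, 3 unparsable.
classify_redis_version() {
    ver=$1
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo invalid; return 3 ;;
    esac
    branch=${ver%.*}    # e.g. "6.0"
    patch=${ver##*.}    # e.g. "16"
    case $patch in
        ''|*[!0-9]*) echo invalid; return 3 ;;
    esac
    case $branch in
        5.0) min=14 ;;
        6.0) min=16 ;;
        6.2) min=6 ;;
        *) echo unlisted; return 2 ;;
    esac
    # Numeric comparison: a string comparison would rank 6.0.9 above 6.0.16.
    if [ "$patch" -ge "$min" ]; then
        echo fixed
        return 0
    fi
    echo vulnerable
    return 1
}

# Constructed sample; on the server, pass the real `redis-server --version` output.
sample='Redis server v=6.0.9 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64 build=0000000000000000'
v=$(parse_redis_version "$sample")
echo "redis $v: $(classify_redis_version "$v")"
```
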