EDR: How to address Redis Server Heap Overflow Vulnerability QID 376213

Article ID: 289121


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Redis Server Heap Overflow Vulnerability QID 376213 comprises two CVEs: CVE-2021-32675 and CVE-2021-32762.

Environment

  • EDR Server 7.5.x and lower
  • Vulnerability scan flags the Redis version for QID 376213

Resolution

Both CVE-2021-32675 and CVE-2021-32762 are fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. Upgrade to EDR Server version 7.6.0 or higher to apply Redis version 6.0.16, which resolves this issue.
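
The fixed releases are per branch, so a reported Redis version has to be compared within its own branch rather than against a single number. The script below is an added example, not part of the original article or of any vendor tooling; the function name and the sample inputs are constructed, and it assumes the version is supplied as a bare x.y.z string or as a line in the format printed by `redis-server --version`. Branches the article does not name are reported as unknown.

```shell
#!/bin/sh
# Added example: classify a Redis version against the fixed releases named
# in the Resolution section (5.0.14, 6.0.16, 6.2.6).
# Prints fixed | vulnerable | unknown; returns 0 | 1 | 2.
redis_qid_376213_status() {
    # Accept a bare "x.y.z" or a `redis-server --version` line ("... v=x.y.z ...").
    set -- $(printf '%s\n' "$1" | sed -n \
        's/^\(.*v=\)\{0,1\}\([0-9]\{1,\}\)\.\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*$/\2 \3 \4/p')

    # Compare within the release branch: 6.0.16 is fixed although 6.2.5 is not.
    case "${1:-}.${2:-}" in
        5.0) min_patch=14 ;;
        6.0) min_patch=16 ;;
        6.2) min_patch=6 ;;
        *)   echo unknown; return 2 ;;   # branch not listed in the article
    esac

    if [ "$3" -ge "$min_patch" ]; then
        echo fixed
    else
        echo vulnerable
        return 1
    fi
}

# Constructed sample inputs (not captured from a real server).
for sample in \
    "Redis server v=6.0.16 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64 build=0" \
    "6.0.15" "5.0.14" "6.2.5" "7.0.0" "not-a-version"
do
    printf '%-10s <- %s\n' "$(redis_qid_376213_status "$sample")" "$sample"
done
```

The non-zero return codes let the function gate a post-upgrade check in a larger script.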