← Back

CVE-2021-32672

nvd nist
Published: Oct 4, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Affected (15)

Show all products
Redis: Redis · Redhat: Enterprise Linux, Software Collections · Debian: Debian Linux · Fedoraproject: Fedora · Netapp: Management Services For Element Software, Management Services For Netapp Hci · Oracle: Communications Operations Monitor
Redis
1 product
Redis
Redhat
2 products
Enterprise Linux
Software Collections
Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Netapp
2 products
Management Services For Element Software
Management Services For Netapp Hci
Oracle
1 product
Communications Operations Monitor
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Redis
Redis
From 3.2.0 to 5.0.14
Redis
From 6.0.0 to 6.0.16
Redis
From 6.2.0 to 6.2.6
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 8.0
Software Collections
All versions
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 33
Fedora
Version 34
Fedora
Version 35
Configuration E
2 vulnerable
Vulnerable SoftwareAffected Versions
Management Services For Element Software
All versions
Management Services For Netapp Hci
All versions
Configuration F
3 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Communications Operations Monitor
Version 4.3
Communications Operations Monitor
Version 4.4
Communications Operations Monitor
Version 5.0

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (18)

Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Source: security-advisories@github.com
Source: security-advisories@github.com
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.