CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd	Patch Third Party Advisory
https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
https://security.gentoo.org/glsa/202209-17	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211104-0003/	Third Party Advisory
https://www.debian.org/security/2021/dsa-5001	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd	Patch Third Party Advisory
https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
https://security.gentoo.org/glsa/202209-17	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211104-0003/	Third Party Advisory
https://www.debian.org/security/2021/dsa-5001	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:software_collections:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:netapp:management_services_for_element_software:-:::::::*
	cpe:2.3:a:netapp:management_services_for_netapp_hci:-:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:oracle:communications_operations_monitor:4.3:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.4:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*

History

21 Nov 2024, 06:07

Type	Values Removed	Values Added
CVSS	v2 : ~~4.0~~ v3 : ~~4.3~~	v2 : 4.0 v3 : 5.3
References	~~() https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd - Patch, Third Party Advisory~~	() https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd - Patch, Third Party Advisory
References	~~() https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm - Third Party Advisory~~	() https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm - Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -
References	~~() https://security.gentoo.org/glsa/202209-17 - Third Party Advisory~~	() https://security.gentoo.org/glsa/202209-17 - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory
References	~~() https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory~~	() https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

13 May 2022, 17:21

Type	Values Removed	Values Added
CPE	cpe:2.3:a:redislabs:redis:::::::: cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:::::::*	cpe:2.3:a:netapp:management_services_for_netapp_hci:-:::::::* cpe:2.3:a:redis:redis:::::::: cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::* cpe:2.3:a:oracle:communications_operations_monitor:4.4:::::::* cpe:2.3:a:netapp:management_services_for_element_software:-:::::::* cpe:2.3:a:oracle:communications_operations_monitor:4.3:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

28 Nov 2021, 23:16

Type	Values Removed	Values Added
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - Mailing List, Third Party Advisory
References	~~(DEBIAN) https://www.debian.org/security/2021/dsa-5001 -~~	(DEBIAN) https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory

17 Nov 2021, 22:18

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -

10 Nov 2021, 01:17

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/', 'name': 'FEDORA-2021-aa94492a09', 'tags': [], 'refsource': 'FEDORA'} ~~{'url': 'https://security.netapp.com/advisory/ntap-20211104-0003/', 'name': 'https://security.netapp.com/advisory/ntap-20211104-0003/', 'tags': [], 'refsource': 'CONFIRM'}~~
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ - Mailing List, Third Party Advisory
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:o:fedoraproject:fedora:33:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::*

04 Nov 2021, 09:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -

30 Oct 2021, 02:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -

13 Oct 2021, 02:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -

08 Oct 2021, 16:06

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:software_collections:-:::::::* cpe:2.3:a:redislabs:redis::::::::
References	~~(CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm -~~	(CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm - Third Party Advisory
References	~~(MISC) https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd -~~	(MISC) https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd - Patch, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : 4.0 v3 : 4.3

04 Oct 2021, 18:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-04 18:15

Updated : 2024-11-21 06:07

NVD link : CVE-2021-32672

Mitre link : CVE-2021-32672

CVE.ORG link : CVE-2021-32672

JSON object : View

Products Affected

fedoraproject

fedora

redhat

enterprise_linux
software_collections

netapp

management_services_for_element_software
management_services_for_netapp_hci

debian

debian_linux

redis

redis

oracle

communications_operations_monitor

CWE

CWE-125

Out-of-bounds Read

5.3 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-32672

5.3^/10

4.0^/10

Attach tags to `CVE-2021-32672`