CVE-2021-32675

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8	Patch Third Party Advisory
https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p	Third Party Advisory
https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
https://security.gentoo.org/glsa/202209-17	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211104-0003/	Third Party Advisory
https://www.debian.org/security/2021/dsa-5001	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8	Patch Third Party Advisory
https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p	Third Party Advisory
https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
https://security.gentoo.org/glsa/202209-17	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211104-0003/	Third Party Advisory
https://www.debian.org/security/2021/dsa-5001	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:management_services_for_element_software:-:::::::*
	cpe:2.3:a:netapp:management_services_for_netapp_hci:-:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:communications_operations_monitor:4.3:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.4:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*

History

21 Nov 2024, 06:07

Type	Values Removed	Values Added
References	~~() https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8 - Patch, Third Party Advisory~~	() https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8 - Patch, Third Party Advisory
References	~~() https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p - Third Party Advisory~~	() https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p - Third Party Advisory
References	~~() https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E -~~	() https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -
References	~~() https://security.gentoo.org/glsa/202209-17 - Third Party Advisory~~	() https://security.gentoo.org/glsa/202209-17 - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory
References	~~() https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory~~	() https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

13 May 2022, 17:21

Type	Values Removed	Values Added
CPE	cpe:2.3:a:netapp:hci:-:::::::*	cpe:2.3:a:oracle:communications_operations_monitor:4.4:::::::* cpe:2.3:a:netapp:management_services_for_netapp_hci:-:::::::* cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::* cpe:2.3:a:oracle:communications_operations_monitor:4.3:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

28 Nov 2021, 23:16

Type	Values Removed	Values Added
CPE		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::*
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - Mailing List, Third Party Advisory
References	~~(DEBIAN) https://www.debian.org/security/2021/dsa-5001 -~~	(DEBIAN) https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory

17 Nov 2021, 22:18

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -

10 Nov 2021, 01:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:netapp:management_services_for_element_software:-:::::::* cpe:2.3:a:netapp:hci:-:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::*
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/', 'name': 'FEDORA-2021-aa94492a09', 'tags': [], 'refsource': 'FEDORA'} ~~{'url': 'https://security.netapp.com/advisory/ntap-20211104-0003/', 'name': 'https://security.netapp.com/advisory/ntap-20211104-0003/', 'tags': [], 'refsource': 'CONFIRM'}~~
References	~~(MLIST) https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47@%3Cnotifications.geode.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47@%3Cnotifications.geode.apache.org%3E - Patch, Third Party Advisory

04 Nov 2021, 09:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -

30 Oct 2021, 02:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -

13 Oct 2021, 23:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47@%3Cnotifications.geode.apache.org%3E -

13 Oct 2021, 18:12

Type	Values Removed	Values Added
CPE		cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:fedoraproject:fedora:33:::::::* cpe:2.3:a:redis:redis::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : 5.0 v3 : 7.5
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ - Mailing List, Third Party Advisory
References	~~(MISC) https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8 -~~	(MISC) https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8 - Patch, Third Party Advisory
References	~~(CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p -~~	(CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p - Third Party Advisory

13 Oct 2021, 02:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -

04 Oct 2021, 18:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-04 18:15

Updated : 2024-11-21 06:07

NVD link : CVE-2021-32675

Mitre link : CVE-2021-32675

CVE.ORG link : CVE-2021-32675

JSON object : View

Products Affected

fedoraproject

fedora

netapp

management_services_for_element_software
management_services_for_netapp_hci

debian

debian_linux

redis

redis

oracle

communications_operations_monitor

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2021-32675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-10-04T18:15:08.923", "references": [{"url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/", "source": "security-advisories@github.com"}, {"url": "https://security.gentoo.org/glsa/202209-17", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://security.netapp.com/advisory/ntap-20211104-0003/", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.debian.org/security/2021/dsa-5001", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202209-17", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20211104-0003/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2021/dsa-5001", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates."}, {"lang": "es", "value": "Redis es una base de datos en memoria de c\u00f3digo abierto que persiste en el disco. Cuando es analizada una petici\u00f3n entrante del Protocolo Est\u00e1ndar de Redis (RESP), Redis asigna la memoria de acuerdo con los valores especificados por el usuario, que determinan el n\u00famero de elementos (en el encabezado multi-bulk) y el tama\u00f1o de cada elemento (en el encabezado bulk). Un atacante que env\u00ede peticiones especialmente dise\u00f1adas a trav\u00e9s de m\u00faltiples conexiones puede causar que el servidor asigne una cantidad significativa de memoria. Debido a que el mismo mecanismo de an\u00e1lisis es usado para manejar las peticiones de autenticaci\u00f3n, esta vulnerabilidad tambi\u00e9n puede ser explotada por usuarios no autenticados. El problema se ha corregido en las versiones de Redis 6.2.6, 6.0.16 y 5.0.14. Una soluci\u00f3n adicional para mitigar este problema sin necesidad de parchear el ejecutable del servidor Redis es bloquear el acceso para evitar que los usuarios no autentificados se conecten a Redis. Esto puede hacerse de diferentes maneras: Usando herramientas de control de acceso a la red como firewalls, iptables, grupos de seguridad, etc. o Habilitando TLS y requiriendo que los usuarios se autentiquen usando certificados del lado del cliente"}], "lastModified": "2024-11-21T06:07:30.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5D64A76-B253-4A64-8AA2-DD8815CB3CF8", "versionEndExcluding": "5.0.14", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02DF8086-645E-4D42-93D3-A4B11D289C7C", "versionEndExcluding": "6.0.16", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4686800E-16BA-42CE-B691-011D1D5D0CC2", "versionEndExcluding": "6.2.6", "versionStartIncluding": "6.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1"}, {"criteria": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4455CF3A-CC91-4BE4-A7AB-929AC82E34F5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA"}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD"}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-32675

7.5^/10

5.0^/10

Attach tags to `CVE-2021-32675`