Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also.
{"id": "FEDORA:1E09530B26A6", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 34 Update: redis-6.2.5-1.fc34", "description": "Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also. ", "published": "2021-08-01T04:05:04", "modified": "2021-08-01T04:05:04", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2021-32761"], "immutableFields": [], "lastseen": "2021-11-26T19:07:07", "viewCount": 39, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-32761"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2717-1:73975", "DEBIAN:DLA-2717-1:EC8A4", "DEBIAN:DLA-2717-2:C5CEC", "DEBIAN:DSA-5001-1:B6416"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-32761"]}, {"type": "fedora", "idList": ["FEDORA:B701F306AB53"]}, {"type": "freebsd", "idList": ["C561CE49-EABC-11EB-9C3F-0800270512F4"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2717.NASL", "DEBIAN_DSA-5001.NASL", "FREEBSD_PKG_C561CE49EABC11EB9C3F0800270512F4.NASL", "PHOTONOS_PHSA-2021-4_0-0083_REDIS.NASL"]}, {"type": "photon", "idList": ["PHSA-2021-0083", "PHSA-2021-0281", "PHSA-2021-4.0-0083"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-32761"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-32761"]}], "rev": 4}, "score": {"value": 4.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-32761"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2717-1:EC8A4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-32761"]}, {"type": "fedora", "idList": ["FEDORA:B701F306AB53"]}, {"type": "freebsd", "idList": ["C561CE49-EABC-11EB-9C3F-0800270512F4"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2717.NASL", "FREEBSD_PKG_C561CE49EABC11EB9C3F0800270512F4.NASL"]}, {"type": "photon", "idList": ["PHSA-2021-4.0-0083"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-32761"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-32761"]}]}, "exploitation": null, "vulnersScore": 4.9}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "34", "arch": "any", "packageVersion": "6.2.5", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "redis"}]}
{"fedora": [{"lastseen": "2021-11-26T19:07:07", "description": "Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-01T04:04:54", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: redis-6.0.15-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2021-08-01T04:04:54", "id": "FEDORA:B701F306AB53", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-11-09T18:18:20", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2717-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nJuly 22, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : redis\nVersion : 3:3.2.6-3+deb9u5\nCVE ID : CVE-2021-32761\nDebian Bug : #991375\n\nIt was discovered that there were several integer overflow issues in\nRedis, a popular key-value database system. Some BITFIELD-related\ncommands were affected on 32-bit systems.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n3:3.2.6-3+deb9u5.\n\nWe recommend that you upgrade your redis packages.\n\nFor the detailed security status of redis please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/redis\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {}, "published": "2021-07-22T10:15:38", "type": "debian", "title": "[SECURITY] [DLA 2717-1] redis security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-32761"], "modified": "2021-07-22T10:15:38", "id": "DEBIAN:DLA-2717-1:73975", "href": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-11-30T01:55:37", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2717-2 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nAugust 27, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : redis\nVersion : 3:3.2.6-3+deb9u6\nCVE ID : CVE-2021-32761\n\nIt was discovered that there was a regression in a previous update to\nthe Redis key-value database.\n\nA test was not correctly backported from the latest upstream release\nwhich meant that binaries were not available on all LTS platforms.\nThe Redis server code was unaffected.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n3:3.2.6-3+deb9u6.\n\nWe recommend that you upgrade your redis packages.\n\nFor the detailed security status of redis please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/redis\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-27T13:43:26", "type": "debian", "title": "[SECURITY] [DLA 2717-2] redis security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2021-08-27T13:43:26", "id": "DEBIAN:DLA-2717-2:C5CEC", "href": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-01-08T14:35:25", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2717-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nJuly 22, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : redis\nVersion : 3:3.2.6-3+deb9u5\nCVE ID : CVE-2021-32761\nDebian Bug : #991375\n\nIt was discovered that there were several integer overflow issues in\nRedis, a popular key-value database system. Some BITFIELD-related\ncommands were affected on 32-bit systems.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n3:3.2.6-3+deb9u5.\n\nWe recommend that you upgrade your redis packages.\n\nFor the detailed security status of redis please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/redis\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-22T10:15:38", "type": "debian", "title": "[SECURITY] [DLA 2717-1] redis security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2021-07-22T10:15:38", "id": "DEBIAN:DLA-2717-1:EC8A4", "href": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-06-27T06:17:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5001-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 05, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : redis\nCVE ID : CVE-2021-32626 CVE-2021-32627 CVE-2021-32628 CVE-2021-32672 \n CVE-2021-32675 CVE-2021-32687 CVE-2021-32762 CVE-2021-41099\n CVE-2021-32761\n\nMultiple vulnerabilities were discovered in Redis, a persistent key-value\ndatabase, which could result in denial of service or the execution of\narbitrary code.\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 5:5.0.14-1+deb10u1.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5:6.0.16-1+deb11u1.\n\nWe recommend that you upgrade your redis packages.\n\nFor the detailed security status of redis please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/redis\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-05T19:30:06", "type": "debian", "title": "[SECURITY] [DSA 5001-1] redis security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32672", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-32761", "CVE-2021-32762", "CVE-2021-41099"], "modified": "2021-11-05T19:30:06", "id": "DEBIAN:DSA-5001-1:B6416", "href": "https://lists.debian.org/debian-security-announce/2021/msg00186.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-01-13T11:30:27", "description": "Redis is an in-memory database that persists on disk. A vulnerability\ninvolving out-of-bounds read and integer overflow to buffer overflow exists\nstarting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5.\nOn 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow\nthat can potentially be exploited to corrupt the heap, leak arbitrary heap\ncontents or trigger remote code execution. The vulnerability involves\nchanging the default `proto-max-bulk-len` configuration parameter to a very\nlarge value and constructing specially crafted commands bit commands. This\nproblem only affects Redis on 32-bit platforms, or compiled as a 32-bit\nbinary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this\nissue. An additional workaround to mitigate the problem without patching\nthe `redis-server` executable is to prevent users from modifying the\n`proto-max-bulk-len` configuration parameter. This can be done using ACL to\nrestrict unprivileged users from using the CONFIG SET command.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991375>\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2021-32761", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2021-07-21T00:00:00", "id": "UB:CVE-2021-32761", "href": "https://ubuntu.com/security/CVE-2021-32761", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T18:32:56", "description": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-21T21:15:00", "type": "cve", "title": "CVE-2021-32761", "cwe": ["CWE-125", "CWE-680"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2021-11-28T23:18:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-32761", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32761", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2022-05-12T00:30:56", "description": "redis is vulnerable to remote code execution. An out-of-bounds read and integer overflow to buffer overflow exists and allows an attacker to execute arbitrary code on the host OS by changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-23T23:39:15", "type": "veracode", "title": "Remote Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2021-11-29T02:10:34", "id": "VERACODE:31303", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31303/summary", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-06-19T18:02:18", "description": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-21T21:15:00", "type": "debiancve", "title": "CVE-2021-32761", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2021-07-21T21:15:00", "id": "DEBIANCVE:CVE-2021-32761", "href": "https://security-tracker.debian.org/tracker/CVE-2021-32761", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2022-06-08T11:07:34", "description": "A flaw was found in Redis. Issuing the BITFIELD command on a 32-bit version of Redis may result in an integer wrap around allowing an attacker to crash the service or perform remote code execution. The highest threat from this vulnerability is to the data confidentiality, integrity, and service availability.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-23T16:53:30", "type": "redhatcve", "title": "CVE-2021-32761", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2022-06-08T08:57:21", "id": "RH:CVE-2021-32761", "href": "https://access.redhat.com/security/cve/cve-2021-32761", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-06-15T20:22:04", "description": "Huang Zhw reports :\n\nOn 32-bit versions, Redis BITFIELD command is vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves constructing specially crafted bit commands which overflow the bit offset.\n\nThis problem only affects 32-bit versions of Redis.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-28T00:00:00", "type": "nessus", "title": "FreeBSD : redis -- Integer overflow issues with BITFIELD command on 32-bit systems (c561ce49-eabc-11eb-9c3f-0800270512f4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32761"], "modified": "2021-08-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:redis", "p-cpe:/a:freebsd:freebsd:redis-devel", "p-cpe:/a:freebsd:freebsd:redis5", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C561CE49EABC11EB9C3F0800270512F4.NASL", "href": "https://www.tenable.com/plugins/nessus/152126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(152126);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/04\");\n\n script_cve_id(\"CVE-2021-32761\");\n\n script_name(english:\"FreeBSD : redis -- Integer overflow issues with BITFIELD command on 32-bit systems (c561ce49-eabc-11eb-9c3f-0800270512f4)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Huang Zhw reports :\n\nOn 32-bit versions, Redis BITFIELD command is vulnerable to integer\noverflow that can potentially be exploited to corrupt the heap, leak\narbitrary heap contents or trigger remote code execution. The\nvulnerability involves constructing specially crafted bit commands\nwhich overflow the bit offset.\n\nThis problem only affects 32-bit versions of Redis.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj\"\n );\n # https://vuxml.freebsd.org/freebsd/c561ce49-eabc-11eb-9c3f-0800270512f4.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7188785c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32761\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:redis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:redis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:redis5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"redis<6.0.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"redis-devel<6.2.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"redis5<5.0.13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:07:37", "description": "The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2717 advisory.\n\n - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.\n (CVE-2021-32761)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "Debian DLA-2717-1 : redis - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32761"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:redis-sentinel", "p-cpe:/a:debian:debian_linux:redis-server", "p-cpe:/a:debian:debian_linux:redis-tools", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2717.NASL", "href": "https://www.tenable.com/plugins/nessus/152006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2717. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152006);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-32761\");\n\n script_name(english:\"Debian DLA-2717-1 : redis - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2717\nadvisory.\n\n - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and\n integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15,\n and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can\n potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code\n execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to\n a very large value and constructing specially crafted commands bit commands. This problem only affects\n Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5\n contain patches for this issue. An additional workaround to mitigate the problem without patching the\n `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration\n parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.\n (CVE-2021-32761)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/redis\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the redis packages.\n\nFor Debian 9 Stretch, these problems have been fixed in version 3\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32761\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redis-sentinel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redis-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '9.0', 'prefix': 'redis-sentinel', 'reference': '3:3.2.6-3+deb9u5'},\n {'release': '9.0', 'prefix': 'redis-server', 'reference': '3:3.2.6-3+deb9u5'},\n {'release': '9.0', 'prefix': 'redis-tools', 'reference': '3:3.2.6-3+deb9u5'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'redis-sentinel / redis-server / redis-tools');\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T20:23:50", "description": "An update of the redis package has been released.\n\n - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.\n (CVE-2021-32761)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-08-24T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Redis PHSA-2021-4.0-0083", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32761"], "modified": "2021-09-20T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:redis", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0083_REDIS.NASL", "href": "https://www.tenable.com/plugins/nessus/152790", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0083. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152790);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/20\");\n\n script_cve_id(\"CVE-2021-32761\");\n\n script_name(english:\"Photon OS 4.0: Redis PHSA-2021-4.0-0083\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the redis package has been released.\n\n - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and\n integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15,\n and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can\n potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code\n execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to\n a very large value and constructing specially crafted commands bit commands. This problem only affects\n Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5\n contain patches for this issue. An additional workaround to mitigate the problem without patching the\n `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration\n parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.\n (CVE-2021-32761)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-83.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32761\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:redis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'redis-6.0.15-1.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'redis');\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T15:09:16", "description": "The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5001 advisory.\n\n - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution.\n This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. (CVE-2021-32626)\n\n - Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer- limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVE-2021-32627)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max- ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVE-2021-32628)\n\n - Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger's protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. (CVE-2021-32672)\n\n - Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.\n (CVE-2021-32675)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max- intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVE-2021-32687)\n\n - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.\n (CVE-2021-32761)\n\n - Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi- bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.\n (CVE-2021-32762)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max- bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVE-2021-41099)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-11-06T00:00:00", "type": "nessus", "title": "Debian DSA-5001-1 : redis - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32672", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-32761", "CVE-2021-32762", "CVE-2021-41099"], "modified": "2021-11-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:redis", "p-cpe:/a:debian:debian_linux:redis-sentinel", "p-cpe:/a:debian:debian_linux:redis-server", "p-cpe:/a:debian:debian_linux:redis-tools", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5001.NASL", "href": "https://www.tenable.com/plugins/nessus/154948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5001. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154948);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/06\");\n\n script_cve_id(\n \"CVE-2021-32626\",\n \"CVE-2021-32627\",\n \"CVE-2021-32628\",\n \"CVE-2021-32672\",\n \"CVE-2021-32675\",\n \"CVE-2021-32687\",\n \"CVE-2021-32761\",\n \"CVE-2021-32762\",\n \"CVE-2021-41099\"\n );\n\n script_name(english:\"Debian DSA-5001-1 : redis - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5001 advisory.\n\n - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted\n Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete\n checks for this condition. This can result with heap corruption and potentially remote code execution.\n This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is\n fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to\n mitigate the problem without patching the redis-server executable is to prevent users from executing Lua\n scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. (CVE-2021-32626)\n\n - Redis is an open source, in-memory database that persists on disk. In affected versions an integer\n overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code\n execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-\n limit configuration parameters to very large values and constructing specially crafted very large stream\n elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an\n additional workaround to mitigate the problem without patching the redis-server executable is to prevent\n users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to\n restrict unprivileged users from using the CONFIG SET command. (CVE-2021-32627)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist\n data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result\n with remote code execution. The vulnerability involves modifying the default ziplist configuration\n parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-\n ziplist-value) to a very large value, and then constructing specially crafted commands to create very\n large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to\n mitigate the problem without patching the redis-server executable is to prevent users from modifying the\n above configuration parameters. This can be done using ACL to restrict unprivileged users from using the\n CONFIG SET command. (CVE-2021-32628)\n\n - Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger,\n users can send malformed requests that cause the debugger's protocol parser to read data beyond the actual\n buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is\n fixed in versions 6.2.6, 6.0.16 and 5.0.14. (CVE-2021-32672)\n\n - Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard\n Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the\n number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker\n delivering specially crafted requests over multiple connections can cause the server to allocate\n significant amount of memory. Because the same parsing mechanism is used to handle authentication\n requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis\n versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the\n redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This\n can be done in different ways: Using network access control tools like firewalls, iptables, security\n groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.\n (CVE-2021-32675)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all\n versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents\n of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-\n intset-entries configuration parameter to a very large value and constructing specially crafted commands\n to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional\n workaround to mitigate the problem without patching the redis-server executable is to prevent users from\n modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict\n unprivileged users from using the CONFIG SET command. (CVE-2021-32687)\n\n - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and\n integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15,\n and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can\n potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code\n execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to\n a very large value and constructing specially crafted commands bit commands. This problem only affects\n Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5\n contain patches for this issue. An additional workaround to mitigate the problem without patching the\n `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration\n parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.\n (CVE-2021-32761)\n\n - Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and\n redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-\n bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not\n perform an overflow check before calling the calloc() heap allocation function. This issue only impacts\n systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are\n therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator\n which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.\n (CVE-2021-32762)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the\n underlying string library can be used to corrupt the heap and potentially result with denial of service or\n remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration\n parameter to a very large value and constructing specially crafted network payloads or commands. The\n problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the\n problem without patching the redis-server executable is to prevent users from modifying the proto-max-\n bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the\n CONFIG SET command. (CVE-2021-41099)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/redis\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-5001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-41099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/redis\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/redis\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the redis packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 5\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32762\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redis-sentinel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redis-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'redis', 'reference': '5:5.0.14-1+deb10u1'},\n {'release': '10.0', 'prefix': 'redis-sentinel', 'reference': '5:5.0.14-1+deb10u1'},\n {'release': '10.0', 'prefix': 'redis-server', 'reference': '5:5.0.14-1+deb10u1'},\n {'release': '10.0', 'prefix': 'redis-tools', 'reference': '5:5.0.14-1+deb10u1'},\n {'release': '11.0', 'prefix': 'redis', 'reference': '5:6.0.16-1+deb11u1'},\n {'release': '11.0', 'prefix': 'redis-sentinel', 'reference': '5:6.0.16-1+deb11u1'},\n {'release': '11.0', 'prefix': 'redis-server', 'reference': '5:6.0.16-1+deb11u1'},\n {'release': '11.0', 'prefix': 'redis-tools', 'reference': '5:6.0.16-1+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'redis / redis-sentinel / redis-server / redis-tools');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nHuang Zhw reports:\n\n\n\t On 32-bit versions, Redis BITFIELD command is vulnerable to integer\n\t overflow that can potentially be exploited to corrupt the heap,\n\t leak arbitrary heap contents or trigger remote code execution.\n\t The vulnerability involves constructing specially crafted bit\n\t commands which overflow the bit offset.\n\t \n\n\t This problem only affects 32-bit versions of Redis.\n\t \n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-04T00:00:00", "type": "freebsd", "title": "redis -- Integer overflow issues with BITFIELD command on 32-bit systems", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761"], "modified": "2021-07-04T00:00:00", "id": "C561CE49-EABC-11EB-9C3F-0800270512F4", "href": "https://vuxml.freebsd.org/freebsd/c561ce49-eabc-11eb-9c3f-0800270512f4.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2021-12-15T08:56:11", "description": "An update of {'nettle', 'redis'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-19T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-4.0-0083", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761", "CVE-2021-3580"], "modified": "2021-08-19T00:00:00", "id": "PHSA-2021-4.0-0083", "href": "https://github.com/vmware/photon/wiki/Security-Updates-4.0-83", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:54:57", "description": "Updates of ['redis', 'nettle'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0083", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32761", "CVE-2021-3580"], "modified": "2021-08-19T00:00:00", "id": "PHSA-2021-0083", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-83", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:41:01", "description": "Updates of ['mysql', 'glibc', 'redis'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-08-09T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0281", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2339", "CVE-2021-2352", "CVE-2021-2354", "CVE-2021-2356", "CVE-2021-2357", "CVE-2021-32761", "CVE-2021-35942"], "modified": "2021-08-09T00:00:00", "id": "PHSA-2021-0281", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-281", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution (CVE-2021-29477). An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution (CVE-2021-29478). A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15 and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution (CVE-2021-32761). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-25T14:45:06", "type": "mageia", "title": "Updated redis package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29477", "CVE-2021-29478", "CVE-2021-32761"], "modified": "2021-07-25T14:45:06", "id": "MGASA-2021-0373", "href": "https://advisories.mageia.org/MGASA-2021-0373.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}
[SECURITY] Fedora 34 Update: redis-6.2.5-1.fc34
