8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.023 Low
EPSS
Percentile
89.5%
The Redis Team reports:
CVE-2021-41099
Integer to heap buffer overflow handling certain string commands
and network payloads, when proto-max-bulk-len is manually configured.
CVE-2021-32762
Integer to heap buffer overflow issue in redis-cli and redis-sentinel
parsing large multi-bulk replies on some older and less common platforms.
CVE-2021-32687
Integer to heap buffer overflow with intsets, when set-max-intset-entries
is manually configured to a non-default, very large value.
CVE-2021-32675
Denial Of Service when processing RESP request payloads with a large
number of elements on many connections.
CVE-2021-32672
Random heap reading issue with Lua Debugger.
CVE-2021-32628
Integer to heap buffer overflow handling ziplist-encoded data types,
when configuring a large, non-default value for hash-max-ziplist-entries,
hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value.
CVE-2021-32627
Integer to heap buffer overflow issue with streams, when configuring
a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit.
CVE-2021-32626
Specially crafted Lua scripts may result with Heap buffer overflow.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.023 Low
EPSS
Percentile
89.5%