Lucene search

[email protected]NVD:CVE-2021-32672

HistoryOct 04, 2021 - 6:15 p.m.

CVE-2021-32672

2021-10-0418:15:08

CWE-125

[email protected]

web.nvd.nist.gov

redis

lua debugger

vulnerability

buffer overflow

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.005

Percentile

76.6%

JSON

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Affected configurations

Nvd

Node

redisredisRange3.2.0–5.0.14

redisredisRange6.0.0–6.0.16

redisredisRange6.2.0–6.2.6

Node

redhatsoftware_collectionsMatch-

redhatenterprise_linuxMatch8.0

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

Node

netappmanagement_services_for_element_softwareMatch-

netappmanagement_services_for_netapp_hciMatch-

Node

oraclecommunications_operations_monitorMatch4.3

oraclecommunications_operations_monitorMatch4.4

oraclecommunications_operations_monitorMatch5.0

VendorProductVersionCPE
redisredis*cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
redhatsoftware_collections-cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
netappmanagement_services_for_element_software-cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
netappmanagement_services_for_netapp_hci-cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redis	redis	*	cpe:2.3:a:redis:redis::::::::
redhat	software_collections	-	cpe:2.3:a:redhat:software_collections:-:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
netapp	management_services_for_element_software	-	cpe:2.3:a:netapp:management_services_for_element_software:-:::::::*
netapp	management_services_for_netapp_hci	-	cpe:2.3:a:netapp:management_services_for_netapp_hci:-:::::::*