Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-5221-1
HistoryAug 03, 2022 - 10:10 a.m.

redis vulnerabilities

2022-08-0310:10:42
Google
osv.dev
2

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2021-32626)

It was discovered that Redis incorrectly handled some malformed requests
when using Redis Lua Debugger. A remote attacker could possibly use this
issue to cause a denial of service or other unspecified impact. This issue
only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32672)

It was discovered that Redis incorrectly handled certain Redis Standard
Protocol (RESP) requests. A remote attacker could possibly use this issue
to cause a denial of service. (CVE-2021-32675)

It was discovered that Redis incorrectly handled some configuration
parameters with specially crafted network payloads. A remote attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. Vulnerabilities CVE-2021-32627 and CVE-2021-41099
only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.
(CVE-2021-32627, CVE-2021-32628, CVE-2021-32687, CVE-2021-41099).

It was discovered that Redis incorrectly handled memory when processing
certain input in 32-bit systems. A remote attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
One vulnerability (CVE-2021-32761) only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM and Ubuntu 18.04 ESM and another vulnerability
(CVE-2021-21309) only affected Ubuntu 18.04 ESM.
(CVE-2021-32761, CVE-2021-21309).

Related

nessus 29
ubuntu 1
openvas 21
ibm 7
almalinux 2
osv 25
debian 5
redhat 10
oraclelinux 2
rocky 2
suse 1
freebsd 3
mageia 3
fedora 5
gentoo 2
photon 2
cbl_mariner 16
prion 9
ubuntucve 8
cve 9
cnvd 1
veracode 9
debiancve 9
redhatcve 9
github 1
alpinelinux 8
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Redis vulnerabilities (USN-5221-1)
2023-10-16 00:00:00
RHEL 8 : redis:5 (RHSA-2021:3946)
2021-10-21 00:00:00
Debian DSA-5001-1 : redis - security update
2021-11-06 00:00:00
ubuntu
ubuntu
Redis vulnerabilities
2022-08-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5221-1)
2023-01-27 00:00:00
Fedora: Security Advisory for redis (FEDORA-2021-61c487f241)
2021-10-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3772-1)
2021-11-24 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Redis affecting the IBM Event Streams UI
2021-12-21 17:42:58
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2022-10-06 04:10:57
Security Bulletin: Multiple vulnerabilities in Redis may affect IBM Robotic Process Automation for Cloud Pak
2023-06-27 19:31:25
almalinux
almalinux
Important: redis:6 security update
2021-10-20 12:46:40
Important: redis:5 security update
2021-10-19 13:14:11
osv
osv
Important: redis:5 security update
2021-10-19 13:14:11
Important: redis:6 security update
2021-10-20 12:46:40
Important: redis:5 security update
2021-10-19 13:14:11
debian
debian
[SECURITY] [DSA 5001-1] redis security update
2021-11-05 19:30:06
[SECURITY] [DLA 2810-1] redis security update
2021-11-05 11:07:22
[SECURITY] [DLA 2717-2] redis security update
2021-08-27 13:43:26
redhat
redhat
(RHSA-2021:3947) Important: rh-redis5-redis security update
2021-10-20 12:49:56
(RHSA-2021:3918) Important: redis:5 security update
2021-10-19 13:14:11
(RHSA-2021:3980) Important: Red Hat OpenStack Platform 13.0 (redis) security update
2021-10-25 17:48:44
oraclelinux
oraclelinux
redis:5 security update
2021-10-19 00:00:00
redis:6 security update
2021-10-20 00:00:00
rocky
rocky
redis:6 security update
2021-10-20 12:46:40
redis:5 security update
2021-10-19 13:14:11
suse
suse
Security update for redis (important)
2021-11-23 00:00:00
freebsd
freebsd
redis -- multiple vulnerabilities
2021-10-04 00:00:00
redis -- Integer overflow issues with BITFIELD command on 32-bit systems
2021-07-04 00:00:00
redis -- Integer overflow on 32-bit systems
2021-02-22 00:00:00
mageia
mageia
Updated redis packages fix security vulnerability
2021-10-21 00:28:32
Updated redis packages fix security vulnerability
2021-03-27 17:27:02
Updated redis package fixes a security vulnerability
2021-07-09 01:43:19
fedora
fedora
[SECURITY] Fedora 33 Update: redis-6.0.16-1.fc33
2021-10-12 23:47:15
[SECURITY] Fedora 34 Update: redis-6.2.6-1.fc34
2021-10-12 23:45:06
[SECURITY] Fedora 35 Update: redis-6.2.6-1.fc35
2021-10-29 23:18:43
gentoo
gentoo
Redis: Multiple Vulnerabilities
2022-09-29 00:00:00
Redis: Remote code execution
2021-03-31 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0320
2021-10-28 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0116
2021-10-13 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-32761 affecting package redis 5.0.5-7
2021-10-22 04:51:42
CVE-2021-32672 affecting package redis 6.2.5-1
2022-04-09 06:51:55
CVE-2021-21309 affecting package redis 5.0.5-7
2021-04-06 23:50:05
prion
prion
Integer overflow
2021-07-21 21:15:00
Integer overflow
2021-02-26 22:15:00
Design/Logic Flaw
2021-10-04 18:15:00
ubuntucve
ubuntucve
CVE-2021-32761
2021-07-21 00:00:00
CVE-2021-21309
2021-02-26 00:00:00
CVE-2021-32687
2021-10-04 00:00:00
cve
cve
CVE-2021-32761
2021-07-21 21:15:00
CVE-2021-21309
2021-02-26 22:15:00
CVE-2021-32687
2021-10-04 18:15:00
cnvd
cnvd
Redis remote code execution vulnerability
2021-07-22 00:00:00
veracode
veracode
Remote Code Execution
2021-07-23 23:39:15
Denial Of Service (DoS)
2021-02-23 18:33:45
Denial Of Service (DoS)
2021-10-05 13:23:45
debiancve
debiancve
CVE-2021-32672
2021-10-04 18:15:00
CVE-2021-21309
2021-02-26 22:15:00
CVE-2021-32627
2021-10-04 18:15:00
redhatcve
redhatcve
CVE-2021-21309
2021-02-24 20:04:13
CVE-2021-32628
2021-10-05 18:58:39
CVE-2021-32672
2021-10-05 18:58:43
github
github
Integer overflow on 32-bit systems
2021-08-11 20:11:11
alpinelinux
alpinelinux
CVE-2021-32687
2021-10-04 18:15:00
CVE-2021-32628
2021-10-04 18:15:00
CVE-2021-21309
2021-02-26 22:15:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON
Related for OSV:USN-5221-1
nessus29ubuntu1openvas21ibm7almalinux2osv25debian5redhat10oraclelinux2rocky2suse1freebsd3mageia3fedora5gentoo2photon2cbl_mariner16prion9ubuntucve8cve9cnvd1veracode9debiancve9redhatcve9github1alpinelinux8