8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.5%
Redis is an advanced key-value store.
Security Fix(es):
Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
Integer overflow issue with Streams (CVE-2021-32627)
Integer overflow bug in the ziplist data structure (CVE-2021-32628)
Denial of service via Redis Standard Protocol (RESP) request
(CVE-2021-32675)
Integer overflow issue with intsets (CVE-2021-32687)
Integer overflow issue with strings (CVE-2021-41099)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | ppc64le | redis | < 3.2.8-5.el7ost | redis-3.2.8-5.el7ost.ppc64le.rpm |
RedHat | 7 | x86_64 | redis-debuginfo | < 3.2.8-5.el7ost | redis-debuginfo-3.2.8-5.el7ost.x86_64.rpm |
RedHat | 7 | ppc64le | redis-debuginfo | < 3.2.8-5.el7ost | redis-debuginfo-3.2.8-5.el7ost.ppc64le.rpm |
RedHat | 7 | x86_64 | redis | < 3.2.8-5.el7ost | redis-3.2.8-5.el7ost.x86_64.rpm |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.5%