5.3

CVE-2021-32672

Vulnerability in Lua Debugger in Redis

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedisRedis Version >= 3.2.0 < 5.0.14
RedisRedis Version >= 6.0.0 < 6.0.16
RedisRedis Version >= 6.2.0 < 6.2.6
RedhatEnterprise Linux Version8.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
FedoraprojectFedora Version33
FedoraprojectFedora Version34
FedoraprojectFedora Version35
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.7% 0.742
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
security-advisories@github.com 5.3 1.6 3.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://security.gentoo.org/glsa/202209-17
Third Party Advisory
https://www.debian.org/security/2021/dsa-5001
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
https://security.netapp.com/advisory/ntap-20211104-0003/
Third Party Advisory
https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd
Patch
Third Party Advisory
https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
Third Party Advisory