Unrated severityNVD Advisory· Published Oct 4, 2021· Updated Aug 3, 2024
Vulnerability in Lua Debugger in Redis
CVE-2021-32672
Description
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords7 versionspkg:bitnami/keydbpkg:bitnami/redispkg:bitnami/valkeypkg:rpm/opensuse/redis&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/redis&distro=openSUSE%20Tumbleweedpkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3
>= 3.2.0, < 5.0.14+ 6 more
- (no CPE)range: >= 3.2.0, < 5.0.14
- (no CPE)range: >= 3.2.0, < 5.0.14
- (no CPE)range: >= 3.2.0, < 5.0.14
- (no CPE)range: < 6.0.14-6.8.1
- (no CPE)range: < 6.2.6-1.1
- (no CPE)range: < 6.0.14-6.8.1
- (no CPE)range: < 6.0.14-6.8.1
Patches
Vulnerability mechanics
References
9- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202209-17mitrevendor-advisoryx_refsource_GENTOO
- www.debian.org/security/2021/dsa-5001mitrevendor-advisoryx_refsource_DEBIAN
- github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1ddmitrex_refsource_MISC
- github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxmmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20211104-0003/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuapr2022.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.