BIT-keydb-2021-32672

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/keydb/BIT-keydb-2021-32672.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-keydb-2021-32672
Aliases
Published
2024-08-22T19:29:26.350Z
Modified
2024-11-27T19:40:48.342Z
Summary
[none]
Details

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Database specific
{
    "cpes": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / keydb

Package

Name
keydb
Purl
pkg:bitnami/keydb

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
3.2.0
Fixed
5.0.14
Introduced
6.0.0
Fixed
6.0.16
Introduced
6.2.0
Fixed
6.2.6