CVE-2021-32672
- Source
- https://cve.org/CVERecord?id=CVE-2021-32672
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32672.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-32672
- Aliases
- Downstream
- Related
- Published
- 2021-10-04T18:15:08.780Z
- Modified
- 2026-04-02T06:53:03.867486Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
- https://security.gentoo.org/glsa/202209-17
- https://www.debian.org/security/2021/dsa-5001
- https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
- https://security.netapp.com/advisory/ntap-20211104-0003/
- https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd
- https://www.oracle.com/security-alerts/cpuapr2022.html
Affected packages
Git / github.com/redis/redis
Affected ranges
- Type
- GIT
- Repo
- https://github.com/redis/redis
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "3.2.0" }, { "fixed": "5.0.14" }, { "introduced": "6.0.0" }, { "fixed": "6.0.16" }, { "introduced": "6.2.0" }, { "fixed": "6.2.6" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "5.0" } ] }
Affected versions
1.*
1.3.6
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0
2.2.0-rc1
2.2.0-rc2
2.2.0-rc3
2.2.0-rc4
2.2.1
2.2.10
2.2.105-scripting
2.2.106-scripting
2.2.107-scripting
2.2.11
2.2.110-scripting
2.2.111-scripting
2.2.12
2.2.13
2.2.14
2.2.15
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3-alpha0
2.4.0
2.4.0-rc1
2.4.0-rc2
2.4.0-rc3
2.4.0-rc4
2.4.0-rc5
2.4.0-rc6
2.4.0-rc7
2.4.0-rc8
2.4.1
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
2.4.15
2.4.16
2.4.17
2.4.18
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.6.0
2.6.0-rc1
2.6.0-rc2
2.6.0-rc3
2.6.0-rc4
2.6.0-rc5
2.6.0-rc6
2.6.0-rc7
2.6.0-rc8
2.6.1
2.6.10
2.6.10-1
2.6.10-2
2.6.10-3
2.6.11
2.6.12
2.6.13
2.6.14
2.6.14-1
2.6.14-2
2.6.15
2.6.16
2.6.17
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.7-1
2.6.8
2.6.8-1
2.6.9
2.6.9-1
2.8.0
2.8.0-rc1
2.8.0-rc2
2.8.0-rc3
2.8.0-rc4
2.8.0-rc5
2.8.0-rc6
2.8.1
2.8.10
2.8.11
2.8.12
2.8.13
2.8.14
2.8.15
2.8.16
2.8.17
2.8.18
2.8.19
2.8.2
2.8.20
2.8.21
2.8.22
2.8.23
2.8.24
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
3.*
3.0-alpha0
3.0.0
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-beta5
3.0.0-beta6
3.0.0-beta7
3.0.0-beta8
3.0.0-rc1
3.0.0-rc2
3.0.0-rc3
3.0.0-rc4
3.0.0-rc5
3.0.0-rc6
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.2-rc1
3.2.0
3.2.0-rc2
3.2.0-rc3
3.2.1
3.2.10
3.2.11
3.2.12
3.2.13
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
4.*
4.0-rc1
4.0-rc2
4.0-rc3
4.0.0
4.0.1
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
5.*
5.0-rc1
5.0-rc2
5.0-rc3
5.0-rc4
5.0-rc5
5.0-rc6
5.0.0
6.*
6.0-rc1
6.0-rc2
6.0-rc3
6.0-rc4
6.0.0
6.0.1
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.2-rc1
6.2-rc2
6.2-rc3
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
7.*
7.0-rc1
7.0-rc2
7.0-rc3
7.0.0
7.0.1
7.0.10
7.0.11
7.0.12
7.0.13
7.0.14
7.0.15
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.0.9
7.2-rc1
7.2-rc2
7.2-rc3
7.2.0
7.2.1
7.2.10
7.2.11
7.2.12
7.2.13
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
7.2.7
7.2.8
7.2.9
7.4-rc1
7.4-rc2
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.4.7
7.4.8
8.*
8.0-m01
8.0-m02
8.0-m03
8.0-m04
8.0-m04-int
8.0-rc1
8.0-rc1-int
8.0-rc1-int2
8.0-rc2-int
8.0.0
8.2-int
8.2-m01
8.2-m01-int
8.2-m01-int2
8.2-rc1
8.2-rc1-int
8.2.0
8.2.1
8.2.1-int
8.2.2
8.2.2-int
8.2.3
8.2.4
8.2.5
8.4-int
8.4-int2
8.4-int3
8.4-m01-int
8.4-rc1
8.4-rc1-int
8.4-rc1-int2
8.4.0
8.4.1
8.4.2
8.6-rc1
8.6.0
8.6.1
8.6.2
Other
twitter-20100804
twitter-20100825
vm-playpen
with-deprecated-diskstore
v1.*
v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.0.0-rc1b
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.0-stable
v2.0.1-stable
v2.0.2-stable
v2.0.3-stable
v2.0.4-stable
v2.1.1-watch
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32672.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.4"
}
]
}
]
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "317564125385647258631515446476228874390",
"length": 976.0
},
"source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
"id": "CVE-2021-32672-01c69a01",
"target": {
"file": "src/scripting.c",
"function": "ldbReplParseCommand"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"120823697845019607967104986639700798388",
"337405370187524436283833662412188245874",
"52976036462305738424998361523712302715",
"115907040841008265734411993486152633984",
"256846541954209937173634192563606273301",
"297633993523308980491455845083339034562",
"191242670694469571052606084491816143893",
"85858321810069706237631181945602266083",
"22844239357405574869750516618680663975",
"62647965359387630850995374088275454075",
"130586143788112339966721377047393629423",
"62874166062077122208860006585632891800",
"63301309297223767187549666536846522567",
"295908773895324095532999580993573466312",
"109254972476570952022113907303005028396",
"210840498263843464085399252211921254403",
"184002517942049753791096239650357057129",
"87423852731040584958789893474557578187",
"174632260599682992664098521937441152434",
"145318702385646759471267174713706020286",
"143309227430553277608858302547395403419",
"27581698092889084160877172864466405694",
"301169613490832553977890726859332140605",
"117335125399649687496828982355804482076",
"105177812853954267859358698104382414315",
"271536164718951338784576564582849116746",
"303216379372443720130594988358165675928",
"295979210924331036103030261793518313731",
"72717110345814622862430976133406604053",
"176078479171233001523192828403324918169",
"112380243225641015549815642922215107898",
"296981066181595428244653779350797435253",
"338699234530122151201822880434941882731"
],
"threshold": 0.9
},
"source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
"id": "CVE-2021-32672-a6a86b05",
"target": {
"file": "src/scripting.c"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "316168307147346159691763691724516844826",
"length": 4875.0
},
"source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
"id": "CVE-2021-32672-deba9155",
"target": {
"file": "src/scripting.c",
"function": "ldbRepl"
}
}
]