| Vulnerability Name: | CVE-2021-32761 (CCN-206313) | ||||||||||||||||||||
| Assigned: | 2021-07-21 | ||||||||||||||||||||
| Published: | 2021-07-21 | ||||||||||||||||||||
| Updated: | 2022-10-06 | ||||||||||||||||||||
| Summary: | Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-125 CWE-680 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-32761 Source: XF Type: UNKNOWN redis-cve202132761-integer-overflow(206313) Source: CCN Type: Redis GIT Repository Integer overflow issues with BITFIELD command on 32-bit systems Source: CONFIRM Type: Third Party Advisory https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-76cf1653b3 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-10d54c261f Source: GENTOO Type: Third Party Advisory GLSA-202209-17 Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20210827-0004/ Source: DEBIAN Type: Third Party Advisory DSA-5001 Source: CCN Type: IBM Security Bulletin 7006571 (Robotic Process Automation for Cloud Pak) Multiple vulnerabilities in Redis may affect IBM Robotic Process Automation for Cloud Pak Source: CCN Type: WhiteSource Vulnerability Database CVE-2021-32761 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||