Vulnerability CVE-2021-32762

Vulnerability Name:

CVE-2021-32762 (CCN-210729)

Assigned:

2021-10-04

Published:

2021-10-04

Updated:

2022-10-06

Summary:

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-190
CWE-680

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-32762

Source: XF
Type: UNKNOWN
redis-cve202132762-integer-overflow(210729)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71

Source: CCN
Type: Redis GIT Repository
Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms

Source: CONFIRM
Type: Third Party Advisory
https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-61c487f241

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-8913c7900c

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-aa94492a09

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-17

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211104-0003/

Source: DEBIAN
Type: Third Party Advisory
DSA-5001

Source: CCN
Type: IBM Security Bulletin 6538608 (Event Streams)
Vulnerability in Redis affects IBM Event Streams (CVE-2021-32762)

Source: CCN
Type: IBM Security Bulletin 6597535 (Watson Knowledge Catalog on-prem)
Mutiple Vulnerabilities in Redis affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6825987 (Robotic Process Automation)
Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 7006571 (Robotic Process Automation for Cloud Pak)
Multiple vulnerabilities in Redis may affect IBM Robotic Process Automation for Cloud Pak

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:redis:redis:*:*:*:*:*:*:*:* (Version >= 6.2.0 and < 6.2.6)

OR cpe:/a:redis:redis:*:*:*:*:*:*:*:* (Version >= 6.0.0 and < 6.0.16)

OR cpe:/a:redis:redis:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.0.14)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:redislabs:redis:*:*:*:*:*:*:*:*

AND

cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation:21.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8069	P	velocity-1.7-150200.3.7.3 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8004	P	dom4j-1.6.1-150200.12.6.3 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:3519	P	gv-3.7.4-1.36 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95149	P	redis-6.2.6-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:113332	P	redis-6.2.6-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:96085	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:111795	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:102775	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:69093	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:102222	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:109441	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:118537	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:69158	P	Security update for redis (Important)	2021-11-23
oval:org.opensuse.security:def:1646	P	Security update for redis (Important)	2021-11-23

BACK