gsd-2021-32626
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-32626", "description": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.", "id": "GSD-2021-32626", "references": [ "https://www.suse.com/security/cve/CVE-2021-32626.html", "https://www.debian.org/security/2021/dsa-5001", "https://access.redhat.com/errata/RHSA-2021:4618", "https://access.redhat.com/errata/RHSA-2021:3980", "https://access.redhat.com/errata/RHSA-2021:3971", "https://access.redhat.com/errata/RHSA-2021:3949", "https://access.redhat.com/errata/RHSA-2021:3947", "https://access.redhat.com/errata/RHSA-2021:3946", "https://access.redhat.com/errata/RHSA-2021:3945", "https://access.redhat.com/errata/RHSA-2021:3944", "https://access.redhat.com/errata/RHSA-2021:3925", "https://access.redhat.com/errata/RHSA-2021:3918", "https://access.redhat.com/errata/RHSA-2021:3873", "https://advisories.mageia.org/CVE-2021-32626.html", "https://security.archlinux.org/CVE-2021-32626", "https://linux.oracle.com/cve/CVE-2021-32626.html", "https://ubuntu.com/security/CVE-2021-32626" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-32626" ], "details": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.", "id": "GSD-2021-32626", "modified": "2023-12-13T01:23:08.685360Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32626", "STATE": "PUBLIC", "TITLE": "Lua scripts can overflow the heap-based Lua stack in Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 6.2.0, \u003c 6.2.6" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003e= 2.6.0, \u003c 5.0.14" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] }, { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c" }, { "name": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-p486-xggp-782c", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2.6", "versionStartIncluding": "6.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.16", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.14", "versionStartIncluding": "2.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32626" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" }, { "lang": "en", "value": "CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591" }, { "name": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202209-17" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2022-10-06T16:54Z", "publishedDate": "2021-10-04T18:15Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.