CVE-2021-32627

Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:35

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/', 'name': 'FEDORA-2021-aa94492a09', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/', 'name': 'FEDORA-2021-61c487f241', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/', 'name': 'FEDORA-2021-8913c7900c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -

06 Oct 2022, 16:55

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202209-17 - (GENTOO) https://security.gentoo.org/glsa/202209-17 - Third Party Advisory

29 Sep 2022, 17:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202209-17 -
CWE CWE-680

13 May 2022, 17:21

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
First Time Netapp management Services For Netapp Hci
Oracle communications Operations Monitor
Oracle

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

28 Nov 2021, 23:14

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory
CPE cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
CWE CWE-680

17 Nov 2021, 22:18

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -
  • (DEBIAN) https://www.debian.org/security/2021/dsa-5001 -

10 Nov 2021, 01:17

Type Values Removed Values Added
References
  • {'url': 'https://security.netapp.com/advisory/ntap-20211104-0003/', 'name': 'https://security.netapp.com/advisory/ntap-20211104-0003/', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/', 'name': 'FEDORA-2021-aa94492a09', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://www.debian.org/security/2021/dsa-5001', 'name': 'DSA-5001', 'tags': ['Third Party Advisory'], 'refsource': 'DEBIAN'}

08 Nov 2021, 21:55

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory
CPE cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

06 Nov 2021, 11:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2021/dsa-5001 -

04 Nov 2021, 09:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -

30 Oct 2021, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -

13 Oct 2021, 18:27

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.0
v3 : 7.5

13 Oct 2021, 16:53

Type Values Removed Values Added
References (CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v - (CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ - Mailing List, Third Party Advisory
References (MISC) https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3 - (MISC) https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3 - Patch, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ - Mailing List, Third Party Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : 6.5
v3 : 8.8
CPE cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

13 Oct 2021, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -

04 Oct 2021, 18:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-04 18:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-32627

Mitre link : CVE-2021-32627

CVE.ORG link : CVE-2021-32627


JSON object : View

Products Affected

netapp

  • management_services_for_netapp_hci
  • management_services_for_element_software

debian

  • debian_linux

oracle

  • communications_operations_monitor

fedoraproject

  • fedora

redis

  • redis
CWE
CWE-190

Integer Overflow or Wraparound

CWE-680

Integer Overflow to Buffer Overflow