CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:35

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/', 'name': 'FEDORA-2021-aa94492a09', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/', 'name': 'FEDORA-2021-61c487f241', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/', 'name': 'FEDORA-2021-8913c7900c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -

06 Oct 2022, 16:53

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202209-17 - (GENTOO) https://security.gentoo.org/glsa/202209-17 - Third Party Advisory

29 Sep 2022, 17:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202209-17 -

13 May 2022, 17:21

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
CPE cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*
First Time Netapp management Services For Netapp Hci
Oracle communications Operations Monitor
Oracle
Netapp management Services For Element Software

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

28 Nov 2021, 23:18

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory

17 Nov 2021, 22:18

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -
  • (DEBIAN) https://www.debian.org/security/2021/dsa-5001 -

10 Nov 2021, 01:17

Type Values Removed Values Added
References
  • {'url': 'https://security.netapp.com/advisory/ntap-20211104-0003/', 'name': 'https://security.netapp.com/advisory/ntap-20211104-0003/', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/', 'name': 'FEDORA-2021-aa94492a09', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://www.debian.org/security/2021/dsa-5001', 'name': 'DSA-5001', 'tags': ['Third Party Advisory'], 'refsource': 'DEBIAN'}

08 Nov 2021, 21:58

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - (DEBIAN) https://www.debian.org/security/2021/dsa-5001 - Third Party Advisory
CPE cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

06 Nov 2021, 11:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2021/dsa-5001 -

04 Nov 2021, 09:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211104-0003/ -

30 Oct 2021, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ -

13 Oct 2021, 17:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : 9.0
v3 : 8.8
CPE cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
References (MISC) https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71 - (MISC) https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr - (CONFIRM) https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ - Mailing List, Third Party Advisory

13 Oct 2021, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ -

04 Oct 2021, 18:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-04 18:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-32762

Mitre link : CVE-2021-32762

CVE.ORG link : CVE-2021-32762


JSON object : View

Products Affected

oracle

  • communications_operations_monitor

netapp

  • management_services_for_element_software
  • management_services_for_netapp_hci

redis

  • redis

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-190

Integer Overflow or Wraparound

CWE-680

Integer Overflow to Buffer Overflow