CVE-2021-32628

CVE-2021-32628

Name

CVE-2021-32628

Description

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3
CONFIRM	https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
CONFIRM	https://security.netapp.com/advisory/ntap-20211104-0003/
DEBIAN	https://www.debian.org/security/2021/dsa-5001
MISC	https://www.oracle.com/security-alerts/cpuapr2022.html

Type

URI

MISC

https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3

CONFIRM

https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/

CONFIRM

https://security.netapp.com/advisory/ntap-20211104-0003/

DEBIAN

https://www.debian.org/security/2021/dsa-5001

MISC

https://www.oracle.com/security-alerts/cpuapr2022.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:redis:redis::::::::`	redis	>= 5.0.0	< 5.0.14
`cpe:2.3:a:redis:redis::::::::`	redis	>= 6.0.0	< 6.0.16
`cpe:2.3:a:redis:redis::::::::`	redis	>= 6.2.0	< 6.2.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

redis

>= 5.0.0

< 5.0.14

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

redis

>= 6.0.0

< 6.0.16

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

redis

>= 6.2.0

< 6.2.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
redis	3.13-main	6.0.16-r0	TBK <alpine@jjtc.eu>	fixed
redis	3.12-main	5.0.14-r0	TBK <alpine@jjtc.eu>	fixed
redis	3.11-main	5.0.14-r0	TBK <alpine@jjtc.eu>	fixed

Source package

Branch

Version

Maintainer

Status

redis

3.13-main

6.0.16-r0

TBK <alpine@jjtc.eu>

fixed

redis

3.12-main

5.0.14-r0

TBK <alpine@jjtc.eu>

fixed

redis

3.11-main

5.0.14-r0

TBK <alpine@jjtc.eu>

fixed

References

Match rules

Vulnerable and fixed packages