cvelist/2021/32xxx/CVE-2021-32672.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-32672",
        "STATE": "PUBLIC",
        "TITLE": "Vulnerability in Lua Debugger in Redis"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "redis",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": ">= 3.2.0, < 5.0.14"
                                        },
                                        {
                                            "version_value": ">= 6.0.0, < 6.0.16"
                                        },
                                        {
                                            "version_value": ">= 6.0.0, < 6.2.6"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "redis"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-125: Out-of-bounds Read"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm",
                "refsource": "CONFIRM",
                "url": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm"
            },
            {
                "name": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
                "refsource": "MISC",
                "url": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2021-8913c7900c",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2021-61c487f241",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2021-aa94492a09",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-5001",
                "url": "https://www.debian.org/security/2021/dsa-5001"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
                "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-9mj9-xx53-qmxm",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2021-05-12 22:00:55 +00:00			`{`
			`"CVE_data_meta": {`
Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm 2021-10-04 17:38:32 +00:00			`"ASSIGNER": "security-advisories@github.com",`
"-Synchronized-Data." 2021-05-12 22:00:55 +00:00			`"ID": "CVE-2021-32672",`
Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm 2021-10-04 17:38:32 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Vulnerability in Lua Debugger in Redis"`
"-Synchronized-Data." 2021-05-12 22:00:55 +00:00			`},`
Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm 2021-10-04 17:38:32 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "redis",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": ">= 3.2.0, < 5.0.14"`
			`},`
			`{`
			`"version_value": ">= 6.0.0, < 6.0.16"`
			`},`
			`{`
			`"version_value": ">= 6.0.0, < 6.2.6"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "redis"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-05-12 22:00:55 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-04-20 00:02:37 +00:00			`"value": "Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14."`
Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm 2021-10-04 17:38:32 +00:00			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-125: Out-of-bounds Read"`
			`}`
			`]`
"-Synchronized-Data." 2021-05-12 22:00:55 +00:00			`}`
			`]`
Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm 2021-10-04 17:38:32 +00:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm"`
			`},`
			`{`
			`"name": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",`
			`"refsource": "MISC",`
			`"url": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"`
"-Synchronized-Data." 2021-10-13 02:00:55 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2021-8913c7900c",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"`
			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2021-61c487f241",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2021-aa94492a09",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"`
			`},`
			`{`
			`"refsource": "DEBIAN",`
			`"name": "DSA-5001",`
			`"url": "https://www.debian.org/security/2021/dsa-5001"`
Oracle Critical Patch Updates 2022 April 3rd party CVEs part2 Committer: BSITU <BSITU@BSITU-7320.us.oracle.com> On branch cna/Oracle/CPU2022Apr3rdPart2 Changes to be committed: modified: 2021/22xxx/CVE-2021-22897.json modified: 2021/22xxx/CVE-2021-22898.json modified: 2021/22xxx/CVE-2021-22901.json modified: 2021/22xxx/CVE-2021-22946.json modified: 2021/22xxx/CVE-2021-22947.json modified: 2021/23xxx/CVE-2021-23017.json modified: 2021/23xxx/CVE-2021-23450.json modified: 2021/23xxx/CVE-2021-23463.json modified: 2021/23xxx/CVE-2021-23839.json modified: 2021/23xxx/CVE-2021-23840.json modified: 2021/23xxx/CVE-2021-23841.json modified: 2021/25xxx/CVE-2021-25219.json modified: 2021/26xxx/CVE-2021-26291.json modified: 2021/27xxx/CVE-2021-27568.json modified: 2021/27xxx/CVE-2021-27807.json modified: 2021/27xxx/CVE-2021-27906.json modified: 2021/28xxx/CVE-2021-28163.json modified: 2021/28xxx/CVE-2021-28164.json modified: 2021/28xxx/CVE-2021-28165.json modified: 2021/28xxx/CVE-2021-28168.json modified: 2021/28xxx/CVE-2021-28169.json modified: 2021/28xxx/CVE-2021-28170.json modified: 2021/28xxx/CVE-2021-28657.json modified: 2021/29xxx/CVE-2021-29425.json modified: 2021/29xxx/CVE-2021-29505.json modified: 2021/29xxx/CVE-2021-29921.json modified: 2021/30xxx/CVE-2021-30129.json modified: 2021/30xxx/CVE-2021-30468.json modified: 2021/31xxx/CVE-2021-31799.json modified: 2021/31xxx/CVE-2021-31810.json modified: 2021/31xxx/CVE-2021-31811.json modified: 2021/31xxx/CVE-2021-31812.json modified: 2021/32xxx/CVE-2021-32066.json modified: 2021/32xxx/CVE-2021-32626.json modified: 2021/32xxx/CVE-2021-32627.json modified: 2021/32xxx/CVE-2021-32628.json modified: 2021/32xxx/CVE-2021-32672.json modified: 2021/32xxx/CVE-2021-32675.json modified: 2021/32xxx/CVE-2021-32687.json modified: 2021/32xxx/CVE-2021-32762.json modified: 2021/32xxx/CVE-2021-32785.json modified: 2021/32xxx/CVE-2021-32786.json modified: 2021/32xxx/CVE-2021-32791.json modified: 2021/32xxx/CVE-2021-32792.json modified: 2021/33xxx/CVE-2021-33037.json modified: 2021/33xxx/CVE-2021-33193.json modified: 2021/33xxx/CVE-2021-33560.json modified: 2021/33xxx/CVE-2021-33813.json modified: 2021/33xxx/CVE-2021-33880.json modified: 2021/34xxx/CVE-2021-34428.json modified: 2021/34xxx/CVE-2021-34429.json modified: 2021/34xxx/CVE-2021-34798.json modified: 2021/35xxx/CVE-2021-35043.json modified: 2021/35xxx/CVE-2021-35515.json modified: 2021/35xxx/CVE-2021-35516.json modified: 2021/35xxx/CVE-2021-35517.json modified: 2021/36xxx/CVE-2021-36090.json modified: 2021/36xxx/CVE-2021-36160.json modified: 2021/36xxx/CVE-2021-36373.json modified: 2021/36xxx/CVE-2021-36374.json modified: 2021/37xxx/CVE-2021-37136.json modified: 2021/37xxx/CVE-2021-37137.json modified: 2021/37xxx/CVE-2021-37714.json modified: 2021/38xxx/CVE-2021-38153.json modified: 2021/39xxx/CVE-2021-39139.json modified: 2021/39xxx/CVE-2021-39140.json modified: 2021/39xxx/CVE-2021-39141.json modified: 2021/39xxx/CVE-2021-39144.json modified: 2021/39xxx/CVE-2021-39145.json modified: 2021/39xxx/CVE-2021-39146.json modified: 2021/39xxx/CVE-2021-39147.json modified: 2021/39xxx/CVE-2021-39148.json modified: 2021/39xxx/CVE-2021-39149.json modified: 2021/39xxx/CVE-2021-39150.json modified: 2021/39xxx/CVE-2021-39151.json modified: 2021/39xxx/CVE-2021-39152.json modified: 2021/39xxx/CVE-2021-39153.json modified: 2021/39xxx/CVE-2021-39154.json modified: 2021/39xxx/CVE-2021-39275.json modified: 2021/3xxx/CVE-2021-3156.json modified: 2021/3xxx/CVE-2021-3200.json modified: 2021/3xxx/CVE-2021-3326.json modified: 2021/3xxx/CVE-2021-3449.json modified: 2021/3xxx/CVE-2021-3450.json modified: 2021/3xxx/CVE-2021-3517.json modified: 2021/3xxx/CVE-2021-3518.json modified: 2021/3xxx/CVE-2021-3520.json modified: 2021/3xxx/CVE-2021-3537.json modified: 2021/3xxx/CVE-2021-3572.json modified: 2021/3xxx/CVE-2021-3711.json modified: 2021/3xxx/CVE-2021-3712.json modified: 2021/3xxx/CVE-2021-3807.json modified: 2021/40xxx/CVE-2021-40438.json modified: 2021/40xxx/CVE-2021-40690.json modified: 2021/41xxx/CVE-2021-41099.json modified: 2021/41xxx/CVE-2021-41164.json modified: 2021/41xxx/CVE-2021-41165.json modified: 2021/41xxx/CVE-2021-41182.json modified: 2021/41xxx/CVE-2021-41183.json modified: 2021/41xxx/CVE-2021-41184.json modified: 2021/41xxx/CVE-2021-41617.json modified: 2021/41xxx/CVE-2021-41973.json modified: 2021/42xxx/CVE-2021-42013.json modified: 2021/42xxx/CVE-2021-42340.json modified: 2021/42xxx/CVE-2021-42392.json modified: 2021/42xxx/CVE-2021-42717.json modified: 2021/43xxx/CVE-2021-43527.json modified: 2021/43xxx/CVE-2021-43797.json modified: 2021/43xxx/CVE-2021-43818.json modified: 2021/43xxx/CVE-2021-43859.json modified: 2021/44xxx/CVE-2021-44224.json modified: 2021/44xxx/CVE-2021-44228.json modified: 2021/44xxx/CVE-2021-44531.json modified: 2021/44xxx/CVE-2021-44532.json modified: 2021/44xxx/CVE-2021-44533.json modified: 2021/44xxx/CVE-2021-44790.json modified: 2021/44xxx/CVE-2021-44832.json modified: 2021/45xxx/CVE-2021-45046.json modified: 2021/45xxx/CVE-2021-45105.json modified: 2021/4xxx/CVE-2021-4034.json modified: 2021/4xxx/CVE-2021-4104.json modified: 2021/4xxx/CVE-2021-4133.json modified: 2021/4xxx/CVE-2021-4160.json modified: 2021/4xxx/CVE-2021-4181.json modified: 2021/4xxx/CVE-2021-4182.json modified: 2021/4xxx/CVE-2021-4183.json modified: 2021/4xxx/CVE-2021-4184.json modified: 2021/4xxx/CVE-2021-4185.json modified: 2022/0xxx/CVE-2022-0391.json modified: 2022/0xxx/CVE-2022-0778.json modified: 2022/20xxx/CVE-2022-20612.json modified: 2022/20xxx/CVE-2022-20613.json modified: 2022/20xxx/CVE-2022-20614.json modified: 2022/20xxx/CVE-2022-20615.json modified: 2022/21xxx/CVE-2022-21271.json modified: 2022/21xxx/CVE-2022-21375.json modified: 2022/21xxx/CVE-2022-21446.json modified: 2022/21xxx/CVE-2022-21461.json modified: 2022/21xxx/CVE-2022-21463.json modified: 2022/21xxx/CVE-2022-21493.json modified: 2022/21xxx/CVE-2022-21494.json modified: 2022/21xxx/CVE-2022-21716.json modified: 2022/21xxx/CVE-2022-21824.json modified: 2022/22xxx/CVE-2022-22719.json modified: 2022/22xxx/CVE-2022-22720.json modified: 2022/22xxx/CVE-2022-22721.json modified: 2022/22xxx/CVE-2022-22947.json modified: 2022/22xxx/CVE-2022-22963.json modified: 2022/22xxx/CVE-2022-22965.json modified: 2022/23xxx/CVE-2022-23181.json modified: 2022/23xxx/CVE-2022-23221.json modified: 2022/23xxx/CVE-2022-23302.json modified: 2022/23xxx/CVE-2022-23305.json modified: 2022/23xxx/CVE-2022-23307.json modified: 2022/23xxx/CVE-2022-23437.json modified: 2022/23xxx/CVE-2022-23852.json modified: 2022/23xxx/CVE-2022-23943.json modified: 2022/23xxx/CVE-2022-23990.json modified: 2022/24xxx/CVE-2022-24329.json modified: 2022/25xxx/CVE-2022-25235.json modified: 2022/25xxx/CVE-2022-25236.json modified: 2022/25xxx/CVE-2022-25313.json modified: 2022/25xxx/CVE-2022-25314.json modified: 2022/25xxx/CVE-2022-25315.json 2022-04-19 16:28:20 -07:00			`},`
			`{`
"-Synchronized-Data." 2022-04-20 00:02:37 +00:00			`"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",`
			`"refsource": "MISC",`
			`"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"`
			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",`
			`"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"`
Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm Add CVE-2021-32672 for GHSA-9mj9-xx53-qmxm 2021-10-04 17:38:32 +00:00			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "GHSA-9mj9-xx53-qmxm",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2021-05-12 22:00:55 +00:00			`}`
			`}`