PT-2021-4401 · Redis (+9 other affected products)
Published
2021-10-04
·
Updated
2026-05-18
·
CVE-2021-32626
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Redis versions 2.6 through 6.2.5
Redis versions 6.0.0 through 6.0.15
Redis versions 5.0.0 through 5.0.13
Description
The vulnerability lies in the Lua scripting support built into Redis. A specially crafted Lua script can overflow the heap-allocated Lua stack because the checks guarding that stack are incomplete. The resulting heap corruption can potentially be turned into remote code execution by anyone who is allowed to submit scripts to the server (EVAL / EVALSHA). The problem exists in every version of Redis that ships Lua scripting, that is, from 2.6 onwards.
Recommendations
For versions 2.6 through 6.2.5, update to version 6.2.6 or later.
For versions 6.0.0 through 6.0.15, update to version 6.0.16 or later.
For versions 5.0.0 through 5.0.13, update to version 5.0.14 or later.
As a temporary workaround for users who cannot update, prevent users from executing Lua scripts by using ACLs to restrict the EVAL and EVALSHA commands. Note that ACLs exist only from Redis 6.0 onwards; on the 5.0.x branch, the equivalent is to disable the two commands with rename-command EVAL "" and rename-command EVALSHA "" in redis.conf.
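The following helper script is an added example, not code from the advisory or from the Redis project. It does two things a practitioner would want to automate when rolling the recommendation above across a fleet: it maps a version string (a bare version or the output of INFO server) onto the affected ranges listed in this advisory, and it replays ACL LIST output the way Redis evaluates rules (left to right, later rules win) to flag enabled users who can still call EVAL or EVALSHA, emitting the ACL SETUSER line that applies the workaround for each. The INFO and ACL LIST samples are constructed for the demonstration; the category memberships (EVAL and EVALSHA belong to @all, @scripting and @slow) are those of Redis 6.x.

```python
"""Triage helpers for CVE-2021-32626 (heap-based Lua stack overflow in Redis).

Added example, not part of the advisory or of Redis itself. The affected
ranges are the ones listed in the advisory; the INFO and ACL LIST samples
below are constructed for the demonstration.
"""
import re

# Maintenance branches with their own fix: (major, minor) -> (last affected patch, first fixed release).
AFFECTED_BRANCHES = {
    (5, 0): (13, "5.0.14"),   # 5.0.0 .. 5.0.13 affected
    (6, 0): (15, "6.0.16"),   # 6.0.0 .. 6.0.15 affected
}
# Everything else from 2.6.0 up to 6.2.5 is fixed in 6.2.6.
MAIN_RANGE = ((2, 6, 0), (6, 2, 5), "6.2.6")

# EVAL and EVALSHA belong to these ACL categories in Redis 6.x. A "+@slow" placed
# after a "-eval" silently re-grants scripting; that ordering mistake is what the audit catches.
SCRIPT_COMMANDS = ("eval", "evalsha")
SCRIPT_CATEGORIES = {"all", "scripting", "slow"}


def parse_version(text):
    """Accept a bare '6.2.5' / 'v6.2.5' or a whole 'INFO server' dump ('redis_version:6.2.5')."""
    m = re.search(r"redis_version:(\d+)\.(\d+)\.(\d+)", text) or \
        re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError("no Redis version found in input")
    return tuple(int(x) for x in m.groups())


def assess_version(text):
    """Return whether the version is in an affected range and which release fixes it."""
    version = parse_version(text)
    if version[:2] in AFFECTED_BRANCHES:
        last_patch, fixed = AFFECTED_BRANCHES[version[:2]]
        vulnerable = version[2] <= last_patch
    else:
        first, last, fixed = MAIN_RANGE
        vulnerable = first <= version <= last
    return {"version": version, "vulnerable": vulnerable, "fixed_in": fixed if vulnerable else None}


def script_access(rules):
    """Replay ACL rule tokens left to right, as Redis does (later rules override
    earlier ones), and report whether EVAL / EVALSHA end up permitted."""
    allowed = dict.fromkeys(SCRIPT_COMMANDS, False)   # a fresh user has no commands
    for token in rules:
        t = token.lower()
        if t == "nocommands":
            t = "-@all"
        elif t == "allcommands":
            t = "+@all"
        if t[0] not in "+-":
            continue                                   # on/off, passwords, key and channel patterns
        grant, name = t[0] == "+", t[1:]
        if name.startswith("@"):
            if name[1:] in SCRIPT_CATEGORIES:
                for cmd in allowed:
                    allowed[cmd] = grant
        elif name in allowed:
            allowed[name] = grant
    return allowed


def audit_acl_list(acl_list_output):
    """Parse 'ACL LIST' output; for every enabled user who can still run scripts,
    return (user, ACL SETUSER line that applies the advisory's workaround)."""
    findings = []
    for line in acl_list_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "user":
            continue
        user, rules = fields[1], fields[2:]
        enabled = False
        for t in rules:
            if t in ("on", "off"):
                enabled = t == "on"
        if enabled and any(script_access(rules).values()):
            findings.append((user, f"ACL SETUSER {user} -eval -evalsha"))
    return findings


# Constructed sample inputs (the password hashes are placeholders, not real digests).
SAMPLE_INFO = "# Server\r\nredis_version:6.2.5\r\nredis_mode:standalone\r\n"
SAMPLE_ACL_LIST = "\n".join([
    "user default on nopass ~* &* +@all",                        # stock config: everyone can EVAL
    "user app on #" + "ab" * 32 + " ~app:* -@all +get +set +eval",
    "user readonly on #" + "cd" * 32 + " ~* -@all +@read",
    "user hardened on nopass ~* &* +@all -eval -evalsha",        # workaround already applied
    "user sloppy on nopass ~* -@all -eval -evalsha +@slow",      # later +@slow re-grants EVAL
    "user locked off nopass ~* -@all",                           # disabled account: ignored
])

if __name__ == "__main__":
    print(assess_version(SAMPLE_INFO))
    for user, fix in audit_acl_list(SAMPLE_ACL_LIST):
        print(f"{user}: can still run Lua scripts -> {fix}")
```

In practice, feed it the output of redis-cli INFO server and redis-cli ACL LIST captured from each instance. The emitted ACL SETUSER lines only change the running configuration; persist them with ACL SAVE when users live in an aclfile, or CONFIG REWRITE when they are defined in redis.conf, otherwise a restart restores the vulnerable grants.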
RCE
Heap-Based Buffer Overflow
Memory Corruption
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Redis
Rocky Linux
Suse
Ubuntu