PT-2021-7752 · Redis+5
Published: 2021-10-04 · Updated: 2026-05-18
CVE-2021-32672
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Redis versions 3.2 through 6.2.5
Redis versions 3.2 through 6.0.15
Redis versions 3.2 through 5.0.13
Description
The issue affects Redis, an open source, in-memory database that persists on disk, when using the Redis Lua Debugger. Users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This can allow a remote attacker to access confidential data using a specially crafted request.
Recommendations
For versions prior to 6.2.6, update to version 6.2.6 or later.
For versions prior to 6.0.16, update to version 6.0.16 or later.
For versions prior to 5.0.14, update to version 5.0.14 or later.
As a temporary workaround, consider disabling the Lua debugging support until a patch is available.
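A triage helper for the upgrade guidance above, as an added example that is not part of the original advisory: it reads the `redis_version` field from `INFO server` output and maps it to the fixed release for its branch. The sample INFO text is constructed, and treating versions that fall between the named branches (such as 6.1.x) as affected is an assumption drawn from the advisory's stated range of 3.2 through 6.2.5.

```python
import re

# Fixed releases per branch, taken from the Recommendations in this advisory.
FIXED = {(6, 2): (6, 2, 6), (6, 0): (6, 0, 16), (5, 0): (5, 0, 14)}
FIRST_AFFECTED = (3, 2, 0)  # lower bound of the affected range

# Constructed sample of `redis-cli INFO server` output (CRLF line endings).
SAMPLE_INFO = "# Server\r\nredis_version:6.0.9\r\nredis_mode:standalone\r\n"


def parse_version(info_text):
    """Extract redis_version from INFO output as a (major, minor, patch) tuple."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)(?:\.(\d+))?\s*$", info_text, re.M)
    if not m:
        raise ValueError("no redis_version field found")
    return tuple(int(p or 0) for p in m.groups())


def triage(version):
    """Return (affected, upgrade_target) for a version tuple."""
    if version < FIRST_AFFECTED:
        return (False, None)          # below the range the advisory lists
    branch = version[:2]
    if branch in FIXED:
        fixed = FIXED[branch]
        affected = version < fixed
        return (affected, fixed if affected else None)
    if version < FIXED[(5, 0)]:
        return (True, FIXED[(5, 0)])  # 3.2.x / 4.0.x: oldest fixed release
    if version < FIXED[(6, 2)]:
        return (True, FIXED[(6, 2)])  # assumption: in-between versions, e.g. 6.1.x
    return (False, None)              # newer than every fixed release


if __name__ == "__main__":
    v = parse_version(SAMPLE_INFO)
    affected, target = triage(v)
    label = ".".join(map(str, v))
    if affected:
        print(f"{label}: affected, update to {'.'.join(map(str, target))} or later")
    else:
        print(f"{label}: not in the affected range")
```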
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Redis
Suse
Ubuntu