CVE-2021-32626
Lua scripts can overflow the heap-based Lua stack in Redis
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Redis es una base de datos en memoria de código abierto que persiste en el disco. En las versiones afectadas, los scripts de Lua especialmente diseñados que se ejecutan en Redis pueden causar el desbordamiento de la pila de Lua en la región heap de la memoria, debido a las comprobaciones incompletas de esta condición. Esto puede resultar en una corrupción de la pila y potencialmente en una ejecución de código remota . Este problema se presenta en todas las versiones de Redis con soporte para scripts Lua, a partir de la 2.6. El problema es corregido en las versiones 6.2.6, 6.0.16 y 5.0.14. Para usuarios que no puedan actualizar una solución adicional para mitigar el problema sin parchear el ejecutable del servidor Redis es evitar que los usuarios ejecuten scripts Lua. Esto puede hacerse usando ACL para restringir los comandos EVAL y EVALSHA
A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-12 CVE Reserved
- 2021-10-04 CVE Published
- 2023-12-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c | Third Party Advisory | |
| https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E | Mailing List | |
| https://security.netapp.com/advisory/ntap-20211104-0003 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591 | 2023-11-07 | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 2.6 < 5.0.14 Search vendor "Redis" for product "Redis" and version " >= 2.6 < 5.0.14" | - |
Affected
| ||||||
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 6.0.0 < 6.0.16 Search vendor "Redis" for product "Redis" and version " >= 6.0.0 < 6.0.16" | - |
Affected
| ||||||
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 6.2.0 < 6.2.6 Search vendor "Redis" for product "Redis" and version " >= 6.2.0 < 6.2.6" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Management Services For Element Software Search vendor "Netapp" for product "Management Services For Element Software" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Management Services For Netapp Hci Search vendor "Netapp" for product "Management Services For Netapp Hci" | - | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Operations Monitor Search vendor "Oracle" for product "Communications Operations Monitor" | 4.3 Search vendor "Oracle" for product "Communications Operations Monitor" and version "4.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Operations Monitor Search vendor "Oracle" for product "Communications Operations Monitor" | 4.4 Search vendor "Oracle" for product "Communications Operations Monitor" and version "4.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Operations Monitor Search vendor "Oracle" for product "Communications Operations Monitor" | 5.0 Search vendor "Oracle" for product "Communications Operations Monitor" and version "5.0" | - |
Affected
| ||||||