CVE-2021-32762
Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.
Redis es una base de datos en memoria de código abierto que persiste en el disco. La herramienta de línea de comandos redis-cli y el servicio redis-sentinel pueden ser vulnerables a un desbordamiento de enteros cuando analizan respuestas de red de gran tamaño especialmente diseñadas. Esto es resultado de una vulnerabilidad en la biblioteca hiredis subyacente que no lleva a cabo una comprobación de desbordamiento antes de llamar a la función de asignación de pila calloc(). Este problema sólo afecta a los sistemas con asignadores de pila que no llevan a cabo sus propias comprobaciones de desbordamiento. La mayoría de los sistemas modernos lo hacen y, por lo tanto, no es probable que estén afectados. Además, por defecto redis-sentinel usa el asignador jemalloc que tampoco es vulnerable. El problema se ha corregido en las versiones de Redis 6.2.6, 6.0.16 y 5.0.14
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-12 CVE Reserved
- 2021-10-04 CVE Published
- 2024-06-19 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-680: Integer Overflow to Buffer Overflow
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20211104-0003 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71 | 2023-11-07 | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 5.0.0 < 5.0.14 Search vendor "Redis" for product "Redis" and version " >= 5.0.0 < 5.0.14" | - |
Affected
| ||||||
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 6.0.0 < 6.0.16 Search vendor "Redis" for product "Redis" and version " >= 6.0.0 < 6.0.16" | - |
Affected
| ||||||
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 6.2.0 < 6.2.6 Search vendor "Redis" for product "Redis" and version " >= 6.2.0 < 6.2.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Management Services For Element Software Search vendor "Netapp" for product "Management Services For Element Software" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Management Services For Netapp Hci Search vendor "Netapp" for product "Management Services For Netapp Hci" | - | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Operations Monitor Search vendor "Oracle" for product "Communications Operations Monitor" | 4.3 Search vendor "Oracle" for product "Communications Operations Monitor" and version "4.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Operations Monitor Search vendor "Oracle" for product "Communications Operations Monitor" | 4.4 Search vendor "Oracle" for product "Communications Operations Monitor" and version "4.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Operations Monitor Search vendor "Oracle" for product "Communications Operations Monitor" | 5.0 Search vendor "Oracle" for product "Communications Operations Monitor" and version "5.0" | - |
Affected
| ||||||