CVE-2021-32672

Description

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger's protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Risk Information

Base Score: 4.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 0.287

Associated Vulnerability

Vulnerability | OS Platform
Vulnerability CVE-2021-32672 are affected in Redis 6.2.5 | Windows
redis security update(DSA-5001-1) redis_5.0.14-1+deb10u1_all.deb | Linux
redis security update(DSA-5001-1) redis_6.0.16-1+deb11u1_all.deb | Linux
Vulnerability CVE-2021-32672 are affected in Redis 6.2.5 (For Linux) | Linux
