AZL-6847

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6847.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-6847

Upstream

CVE-2021-32672

Published

2021-10-04T18:15:08Z

Modified

2026-04-01T05:21:25.283518Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

CVE-2021-32672 affecting package redis for versions less than 6.2.6-1

Details

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-32672

Affected packages

Azure Linux:2 / redis

Package

Name: redis
Purl: pkg:rpm/azure-linux/redis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6847.json"