CVE-2021-32672

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32672
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32672.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32672
Aliases
Downstream
Related
Published
2021-10-04T18:15:08Z
Modified
2025-10-15T13:02:05.812423Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd

Affected versions

1.*

1.3.6

2.*

2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0

3.*

3.0-alpha0

6.*

6.0-rc1
6.0-rc2
6.0-rc3
6.0-rc4
6.0.0
6.0.1
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9

v1.*

v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9

v2.*

v2.0.0-rc1
v2.1.1-watch

Other

vm-playpen
with-deprecated-diskstore

Database specific 

{
    "vanir_signatures": [
        {
            "source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
            "signature_type": "Function",
            "target": {
                "file": "src/scripting.c",
                "function": "ldbReplParseCommand"
            },
            "id": "CVE-2021-32672-01c69a01",
            "digest": {
                "function_hash": "317564125385647258631515446476228874390",
                "length": 976.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
            "signature_type": "Line",
            "target": {
                "file": "src/scripting.c"
            },
            "id": "CVE-2021-32672-a6a86b05",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "120823697845019607967104986639700798388",
                    "337405370187524436283833662412188245874",
                    "52976036462305738424998361523712302715",
                    "115907040841008265734411993486152633984",
                    "256846541954209937173634192563606273301",
                    "297633993523308980491455845083339034562",
                    "191242670694469571052606084491816143893",
                    "85858321810069706237631181945602266083",
                    "22844239357405574869750516618680663975",
                    "62647965359387630850995374088275454075",
                    "130586143788112339966721377047393629423",
                    "62874166062077122208860006585632891800",
                    "63301309297223767187549666536846522567",
                    "295908773895324095532999580993573466312",
                    "109254972476570952022113907303005028396",
                    "210840498263843464085399252211921254403",
                    "184002517942049753791096239650357057129",
                    "87423852731040584958789893474557578187",
                    "174632260599682992664098521937441152434",
                    "145318702385646759471267174713706020286",
                    "143309227430553277608858302547395403419",
                    "27581698092889084160877172864466405694",
                    "301169613490832553977890726859332140605",
                    "117335125399649687496828982355804482076",
                    "105177812853954267859358698104382414315",
                    "271536164718951338784576564582849116746",
                    "303216379372443720130594988358165675928",
                    "295979210924331036103030261793518313731",
                    "72717110345814622862430976133406604053",
                    "176078479171233001523192828403324918169",
                    "112380243225641015549815642922215107898",
                    "296981066181595428244653779350797435253",
                    "338699234530122151201822880434941882731"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
            "signature_type": "Function",
            "target": {
                "file": "src/scripting.c",
                "function": "ldbRepl"
            },
            "id": "CVE-2021-32672-deba9155",
            "digest": {
                "function_hash": "316168307147346159691763691724516844826",
                "length": 4875.0
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}