CVE-2021-32672

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-32672
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32672.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32672
Aliases
Downstream
Related
Published
2021-10-04T18:15:08.780Z
Modified
2026-05-18T21:07:02.967370Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "10.0"
                },
                {
                    "last_affected": "11.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "debian:debian_linux"
        },
        {
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "33"
                },
                {
                    "last_affected": "34"
                },
                {
                    "last_affected": "35"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "fedoraproject:fedora"
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "4.3"
                },
                {
                    "last_affected": "4.4"
                },
                {
                    "last_affected": "5.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "oracle:communications_operations_monitor"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux"
        }
    ]
}
References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
7ca8fbabe2081b0c8f72074cdd8dd7ef1863b86c
Fixed
704ba5f5b22ae1ecafbcfb7a3258311c27ff94ff
Introduced
17dfd7cabbf7954f92b7a1243d4bb27fee5d4500
Fixed
5895d119b1c2825ff0394f30e246e036c3972bc5
Introduced
445aa844b946a8f1bc21ac8554b44adb1ecb4018
Fixed
4930d19e70c391750479951022e207e19111eb55
Fixed
6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd
Database specific 
{
    "extracted_events": [
        {
            "introduced": "3.2.0"
        },
        {
            "fixed": "5.0.14"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.16"
        },
        {
            "introduced": "6.2.0"
        },
        {
            "fixed": "6.2.6"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
}

Affected versions

6.*
6.0.0
6.0.1
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5

Database specific

vanir_signatures_modified 
"2026-05-18T21:07:02Z"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2021-32672-01c69a01",
        "signature_version": "v1",
        "digest": {
            "function_hash": "317564125385647258631515446476228874390",
            "length": 976.0
        },
        "source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
        "target": {
            "file": "src/scripting.c",
            "function": "ldbReplParseCommand"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-32672-a6a86b05",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "120823697845019607967104986639700798388",
                "337405370187524436283833662412188245874",
                "52976036462305738424998361523712302715",
                "115907040841008265734411993486152633984",
                "256846541954209937173634192563606273301",
                "297633993523308980491455845083339034562",
                "191242670694469571052606084491816143893",
                "85858321810069706237631181945602266083",
                "22844239357405574869750516618680663975",
                "62647965359387630850995374088275454075",
                "130586143788112339966721377047393629423",
                "62874166062077122208860006585632891800",
                "63301309297223767187549666536846522567",
                "295908773895324095532999580993573466312",
                "109254972476570952022113907303005028396",
                "210840498263843464085399252211921254403",
                "184002517942049753791096239650357057129",
                "87423852731040584958789893474557578187",
                "174632260599682992664098521937441152434",
                "145318702385646759471267174713706020286",
                "143309227430553277608858302547395403419",
                "27581698092889084160877172864466405694",
                "301169613490832553977890726859332140605",
                "117335125399649687496828982355804482076",
                "105177812853954267859358698104382414315",
                "271536164718951338784576564582849116746",
                "303216379372443720130594988358165675928",
                "295979210924331036103030261793518313731",
                "72717110345814622862430976133406604053",
                "176078479171233001523192828403324918169",
                "112380243225641015549815642922215107898",
                "296981066181595428244653779350797435253",
                "338699234530122151201822880434941882731"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
        "target": {
            "file": "src/scripting.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2021-32672-deba9155",
        "signature_version": "v1",
        "digest": {
            "function_hash": "316168307147346159691763691724516844826",
            "length": 4875.0
        },
        "source": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
        "target": {
            "file": "src/scripting.c",
            "function": "ldbRepl"
        }
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32672.json"