CVE-2021-32761
Published 2021-07-21
Priority: P262 · high · CVSS 3.1 base score 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 31.05% (98.0th percentile)
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, the Redis `*BIT*` commands are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.13, 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | redis | < redis 5:6.0.15-1 (bookworm) | redis 5:6.0.15-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_redis_6.2.5-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_redis_5.0.14-1_on_cbl_mariner_1.0 | — | — |
| redis | redis | — | — |
| redis | redis | — | — |
| redis | redis | — | — |
| redis | redis | >= 0 < 5:6.0.15-1 | 5:6.0.15-1 |
| redis | redis | >= 0 < 5:6.0.15-1 | 5:6.0.15-1 |
| redis | redis | >= 0 < 5:6.0.15-1 | 5:6.0.15-1 |
| redis | redis | >= 0 < 5:6.0.15-1 | 5:6.0.15-1 |
| redis | redis | >= 0 < 2:2.8.4-2ubuntu0.2+esm2 | 2:2.8.4-2ubuntu0.2+esm2 |
| redis | redis | >= 0 < 2:3.0.6-1ubuntu0.4+esm1 | 2:3.0.6-1ubuntu0.4+esm1 |
| redis | redis | >= 0 < 5:4.0.9-1ubuntu0.2+esm3 | 5:4.0.9-1ubuntu0.2+esm3 |
| redis | redis | >= 0 < 5:5.0.7-2ubuntu0.1+esm1 | 5:5.0.7-2ubuntu0.1+esm1 |
| redislabs | redis | >= 2.2.0 < 5.0.13 | 5.0.13 |
| redislabs | redis | >= 6.0 < 6.0.15 | 6.0.15 |
| redislabs | redis | >= 6.2.0 < 6.2.5 | 6.2.5 |
Detection & IOCs (extracted from sources)
- Vulnerability is triggered by issuing *BIT* commands (e.g., BITFIELD) on a 32-bit Redis instance after setting `proto-max-bulk-len` to a very large value via CONFIG SET — monitor for CONFIG SET proto-max-bulk-len with abnormally large values followed by BITFIELD/BITCOUNT/BITPOS/BITOP commands.
- Focus detection on 32-bit Redis deployments or Redis compiled as a 32-bit binary; 64-bit installations are not affected.
- Monitor Redis ACL logs and CONFIG SET command usage by unprivileged users as an indicator of attempted exploitation setup.
- Issuing the BITFIELD command on a 32-bit Redis instance may result in integer wrap-around leading to crash or RCE — alert on BITFIELD commands on 32-bit Redis processes.
- Only Redis versions prior to 5.0.13, 6.0.15, and 6.2.5 are vulnerable; patch to these versions to remediate.
- 64-bit Redis packages on RHEL 7 and RHEL 8 are NOT affected; scope detection efforts to 32-bit deployments only.
- As a workaround without patching, restrict the `proto-max-bulk-len` config parameter from being modified by unprivileged users via ACL.
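A defender-side check for the two-step pattern described in the list above, added here as an example and not taken from the page or from the Redis project: it parses constructed `redis-cli MONITOR` output and flags a client that raises `proto-max-bulk-len` above the 512mb default and then issues a *BIT* command. The sample lines, client addresses and the threshold are assumptions; whether the monitored `redis-server` is a 32-bit process is a separate host-side check.

```python
import re
# Constructed `redis-cli MONITOR` sample (not real traffic): 10.0.0.5 raises
# proto-max-bulk-len far above the 512mb default and then issues BITFIELD.
SAMPLE_MONITOR = """\
1626800000.000001 [0 10.0.0.5:51000] "CONFIG" "SET" "proto-max-bulk-len" "4294967296"
1626800000.000002 [0 10.0.0.5:51000] "BITFIELD" "k" "GET" "u8" "4294967295"
1626800000.000003 [0 10.0.0.7:51200] "CONFIG" "SET" "proto-max-bulk-len" "1gb"
1626800000.000004 [0 10.0.0.9:51300] "BITCOUNT" "key"
1626800000.000005 [0 10.0.0.7:51200] "SET" "x" "y"
"""
DEFAULT_PROTO_MAX_BULK_LEN = 512 * 1024 * 1024  # redis.conf default (512mb)
# The *BIT* command family named in the advisory.
BIT_COMMANDS = {"BITFIELD", "BITFIELD_RO", "BITCOUNT", "BITPOS", "BITOP", "SETBIT", "GETBIT"}
# Redis memory units: k/m/g are powers of 1000, kb/mb/gb powers of 1024.
UNITS = {"": 1, "b": 1, "k": 1000, "kb": 1024, "m": 1000**2, "mb": 1024**2,
         "g": 1000**3, "gb": 1024**3}
LINE_RE = re.compile(r"^(?P<ts>\S+) \[(?P<db>\d+) (?P<client>\S+)\] (?P<argv>.*)$")

def parse_memory(value):
    """Convert a CONFIG SET memory value such as '1gb' or '4294967296' to bytes."""
    m = re.fullmatch(r"(\d+)\s*([A-Za-z]*)", value.strip())
    if not m or m.group(2).lower() not in UNITS:
        return None
    return int(m.group(1)) * UNITS[m.group(2).lower()]

def parse_line(line):
    """Split one MONITOR line into (client address, argv); argv[0] upper-cased."""
    m = LINE_RE.match(line)
    if not m:
        return None
    argv = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group("argv"))
    return (m.group("client"), [argv[0].upper()] + argv[1:]) if argv else None

def detect(monitor_text, threshold=DEFAULT_PROTO_MAX_BULK_LEN):
    """Return (client, stage, bytes) alerts: 'setup' when a client raises
    proto-max-bulk-len above threshold, 'bitcmd' when it then runs a *BIT* command."""
    primed, alerts = {}, []
    for line in monitor_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, argv = parsed
        if (argv[0] == "CONFIG" and len(argv) >= 4 and argv[1].upper() == "SET"
                and argv[2].lower() == "proto-max-bulk-len"):
            size = parse_memory(argv[3])
            if size is not None and size > threshold:
                primed[client] = size
                alerts.append((client, "setup", size))
        elif argv[0] in BIT_COMMANDS and client in primed:
            alerts.append((client, "bitcmd", primed[client]))
    return alerts
```

On the sample, the 10.0.0.5 client produces a `setup` alert followed by a `bitcmd` alert, while the client that only raised the limit produces `setup` alone and the lone BITCOUNT produces nothing.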
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 5.4 | MEDIUM | — |
OSV: redis vulnerabilities (CVE-2021-32626 [HIGH] · osv · 2022-08-03 · CVSS 8.8)
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2021-32626)
It was discovered that Redis incorrectly handled some malformed requests
when using Redis Lua Debugger. A remote attacker could possibly use this
issue to cause a denial of service or other unspecified impact. This issue
only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32672)
It was discovered that Redis incorrectly handled certain Redis Standard
Protocol (RESP) requests. A remote attacker could possibly use this issue
to cause a denial of service. (CVE-2021-32675)
It was discovered that Redis incorrectly handled some configuration
parameters wi
OSV: CVE-2021-32761: Redis is an in-memory database that persists on disk (CVE-2021-32761 [HIGH] · osv · 2021-07-21 · CVSS 7.5)
Ubuntu: Redis vulnerabilities (CVE-2021-41099 [MEDIUM] · vendor_ubuntu · 2022-08-03 · CVSS 5.4)
Summary: Several security issues were fixed in Redis.
Red Hat: redis: integer overflow issues with BITFIELD command on 32-bit systems (CVE-2021-32761 [HIGH] · CWE-190 · vendor_redhat · 2021-07-21 · CVSS 7.5)
Microsoft: Integer overflow issues with *BIT commands on 32-bit systems (CVE-2021-32761 [HIGH] · CWE-125 · vendor_msrc · 2021-07-13 · CVSS 7.5)
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: ht
Debian: CVE-2021-32761: redis - Redis is an in-memory database that persists on disk. A vulnerability involving ... (CVE-2021-32761 [HIGH] · vendor_debian · 2021 · CVSS 7.5)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
- https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html
- https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/
- https://security.gentoo.org/glsa/202209-17
- https://security.netapp.com/advisory/ntap-20210827-0004/
- https://www.debian.org/security/2021/dsa-5001