{"id":"CVE-2021-32628","details":"Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done by using ACLs to restrict unprivileged users from using the CONFIG SET command.","aliases":["BIT-keydb-2021-32628","BIT-redis-2021-32628","BIT-valkey-2021-32628","GHSA-vw22-qm3h-49pr"],"modified":"2026-05-18T21:06:59.333269Z","published":"2021-10-04T18:15:08.577Z","related":["ALSA-2021:3918","ALSA-2021:3945","SUSE-SU-2021:3772-1","openSUSE-SU-2021:3772-1","openSUSE-SU-2024:11563-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10.0"},{"last_affected":"11.0"}]},{"vendor_product":"fedoraproject:fedora","source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"33"},{"last_affected":"34"},{"last_affected":"35"}]},{"vendor_product":"oracle:communications_operations_monitor","source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_operations_monitor:4.
4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"4.3"},{"last_affected":"4.4"},{"last_affected":"5.0"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-17"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20211104-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5001"},{"type":"FIX","url":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"882ca6962f4ca32683b0e8db831de1b425c27d3c"},{"fixed":"704ba5f5b22ae1ecafbcfb7a3258311c27ff94ff"},{"introduced":"17dfd7cabbf7954f92b7a1243d4bb27fee5d4500"},{"fixed":"5895d119b1c2825ff0394f30e246e036c3972bc5"},{"introduced":"445aa844b946a8f1bc21ac8554b44adb1ecb4018"},{"fixed":"4930d19e70c391750479951022e207e19111eb55"},{"fixed":"f6a40570fa63d5afdd596c78083d754081d80ae3"}],"database_specific":{"cpe":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"5.0.0"},{"fixed":"5.0.14"},{"introduced":"6.0.0"},{"fixed":"6.0.16"},{"introduced":"6.2.0"},{"fixed":"6.2.6"}]}}],"versions":["6.2.5","6.0.15","5.0.13","5.0.12","6.0.14","6.2.4","6.2.3","6.0.13","6.2.2","6.0.12","6.2.
1","6.2.0","6.0.11","5.0.11","5.0.10","6.0.10","6.0.9","6.0.8","6.0.7","6.0.6","6.0.5","6.0.4","6.0.3","6.0.2","6.0.1","6.0.0","5.0.9","5.0.8","5.0.7","5.0.6","5.0.5","5.0.4","5.0.3","5.0.2","5.0.1","5.0.0"],"database_specific":{"vanir_signatures_modified":"2026-05-18T21:06:59Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32628.json","vanir_signatures":[{"id":"CVE-2021-32628-01719506","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["177701553511143564093119879725566345440","199764994612888104607497992280608088301","129117989992799934603059871262758909151","17359490478578795834805083423475367548","263147971075931425752526012689307640450","294247329867196371717408024926112967307","133176106484560945393825496472922247038","128766861816263981164960786312188319065","70654786849244767536483762380181312514","78870234736737040893301187959451924228","297082868619909892303080081472134998110","11927999680604796934856631938498273902","340209939362095427583224694751553968484","81928889758845176396923434574761265030","208930722641923129059921308995362695909","245690651348514796521570061192943020750","212819539860652345885485810057246478359","133370108886801448967370727224564934261","53729820372085485207384814522930655785","53496649603118690311426739969111102097","173703220254829878929137615758343641908","317143679376861216178351509357938972637","169279536682054749965156934002937462045","329672105130871964040122468783423249257"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/t_stream.c"}},{"id":"CVE-2021-32628-04c68498","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["288485056619694596751445556543126664429","256182100627001761989047256629007168049","33727582157733654668139137897721504755","177419892107398134691726859704239632118","263951156671431835969718126071350354336","2205714842195047161
40290980063771480616","103127449055227958438085528442704519169","163976489739730733184700306178521489603","20167160050130643794612624795891576517","205523291679535760408233070687178146880","75407180318704451699303769443305508093","242864016329495059946638760692662821099","272524051449382528118291094191902452"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/t_hash.c"}},{"id":"CVE-2021-32628-05110169","deprecated":false,"signature_type":"Function","digest":{"function_hash":"91309076153243352249146321283396993661","length":541},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"quicklistPushTail","file":"src/quicklist.c"}},{"id":"CVE-2021-32628-0c768b94","deprecated":false,"signature_type":"Function","digest":{"function_hash":"132920217312579289773745424298387321351","length":205},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"ziplistResize","file":"src/ziplist.c"}},{"id":"CVE-2021-32628-0de9d950","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["210611520423077404946891946319715189016","55934303359036013918596004753592700518","57252226033592965323245710166157331932","258981314502037832612173667337209453995","300782722177223566922975113724058746628","133549279575560606140557575440095645820","27314810951193207875649949334855733209","170679454102668966340329810919453683881","295498677175001663023751281683469731343","57225972855468283163942325127262658787"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/ziplist.c"}},{"id":"CVE-2021-32628-167e5942","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["195204541667770013520141600413078159007","27999081423485
0762344727953607507389807","193508104611048612212726016817404726286","134467033957015621741244375739720089349","272873120876937714278504512308517371156","179572000319917358070713587792369696247","297849254937963034463743287279264923306","323640365950270945043985160258340972302","283576245254172506755554660154056109547","47364581810232383183021266832899262094","329565046288533581991532259988505726361","315522231216367887827252453685271006059","57140177250720795646202974416060333656","156745294029191785033234343570049487197","301194918315234647822455741760656056014","162570152296751051455705021392870566755","326261477032207413585866858238692290846","78003253544383493649887844251578578714","77912665739949452972599911483223083402","236518800490813470349044333555276957083","115351791456532707679092126629031760764","205545588928282696597182929461730793584","211861753689152748324562069687136389149","160018954943193346605884806879560925905","115428042357179253216956883640893278161"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/quicklist.c"}},{"id":"CVE-2021-32628-168e1c04","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["172443871991340767057463162520779906924","235847370442089854742676128873900178042","244395909071608528724197269998904015997","27175349102203525673280952587684547413","258817744127217747288883482643140933841","143050433043590966532316185121067661559","87808741918782979800104723367925483712","231991171355329311584632920418976896951","85189494335913158176010470687980291516","217677430032727787972078646862517404652","134408682380390676084842919007510424701","268844364946848013518636234453147375377","310126683954214965139843044127407324945","281445662832323709543670183407108286215"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/g
eo.c"}},{"id":"CVE-2021-32628-1a17035c","deprecated":false,"signature_type":"Function","digest":{"function_hash":"39687838347341526323018632619305220918","length":2968},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"streamAppendItem","file":"src/t_stream.c"}},{"id":"CVE-2021-32628-1ee7c7b4","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["99076856558016291924102625756699022123","98972798996975030337141047836123259696","14268177750262809685249398012484378503","15359576852344062880232393722397949982"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/ziplist.h"}},{"id":"CVE-2021-32628-249b8ec2","deprecated":false,"signature_type":"Function","digest":{"function_hash":"90265181006230318811611646856749800631","length":1694},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"lpEncodeGetType","file":"src/listpack.c"}},{"id":"CVE-2021-32628-31ca3aaf","deprecated":false,"signature_type":"Function","digest":{"function_hash":"112330770517121000039232327522959277665","length":541},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"quicklistPushHead","file":"src/quicklist.c"}},{"id":"CVE-2021-32628-3b7a95af","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["24110433281875764672032790734884389410","117650172945218533809776779357026449871","301662065285162593218131936641067428377","72865938207446049125523494487498647524","213273947003507008386012669152825614509","231210276460449169283532253117315654716","82676045794465673364783675446435911013","56142510655416651071269507259636255563","189850259357585849351976402464721555057","208049004548083478565265189332674761315","2624209322577185
85990115520807432644459","40955647932275861486178704689151642274","100249114575472810186208221690837991714","176654667695266647313870950203717073939","296052064969951524489212579904030216435","225953350606807691493295573344534332393","316533542182559705148247453253960581116","297767290672962915195414220163028756632","205664758542945928852735460895386053645","324127199920898750250597635899987267741","275787030715810464059678937101113637493","20865370763735933323772823127734446555","339630219601153057236917056034051246204","123112452208080878624113352331048875016","225173273843812918802135966802119699172","252986373572721326099248248436334364306","94446040391600978029071489973728464097","26030528401666948246421338639997579213","105992650920126735872314024649349131770","307297918514814707606189858147336484023","168655573907901644286447313574074056454","17165711132224818531725091899768011240"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/rdb.c"}},{"id":"CVE-2021-32628-3f26c394","deprecated":false,"signature_type":"Function","digest":{"function_hash":"274621646806361906276528551447901913094","length":4583},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"zunionInterGenericCommand","file":"src/t_zset.c"}},{"id":"CVE-2021-32628-454a0e78","deprecated":false,"signature_type":"Function","digest":{"function_hash":"226406602047279618917192082269054122073","length":2147},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"lposCommand","file":"src/t_list.c"}},{"id":"CVE-2021-32628-52d77fdb","deprecated":false,"signature_type":"Function","digest":{"function_hash":"140182390882677862547066485310992804303","length":12289},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80
ae3","signature_version":"v1","target":{"function":"rdbLoadObject","file":"src/rdb.c"}},{"id":"CVE-2021-32628-579c3653","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["149955274742854954766259869346684759289","236362705615084218546954124100880258343","183754018898431210549385062993938261538","126010687001262674798729781930524616765"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/server.h"}},{"id":"CVE-2021-32628-6f63190b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"75809927490991172769643658499131915668","length":1520},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"ziplistMerge","file":"src/ziplist.c"}},{"id":"CVE-2021-32628-72cfb255","deprecated":false,"signature_type":"Function","digest":{"function_hash":"180631831418372681249202813427165720340","length":4178},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"georadiusGeneric","file":"src/geo.c"}},{"id":"CVE-2021-32628-8f92c28e","deprecated":false,"signature_type":"Function","digest":{"function_hash":"207903653856882867014778696354130019360","length":356},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"hashTypeTryConversion","file":"src/t_hash.c"}},{"id":"CVE-2021-32628-907c5cc7","deprecated":false,"signature_type":"Function","digest":{"function_hash":"306785812365850904109700852646403278454","length":2931},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"_quicklistInsert","file":"src/quicklist.c"}},{"id":"CVE-2021-32628-912a0bfb","deprecated":false,"signature_type":"Function","digest":{"function_hash":"2492191
95116954592425469489703188153558","length":778},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"lsetCommand","file":"src/t_list.c"}},{"id":"CVE-2021-32628-b115261f","deprecated":false,"signature_type":"Function","digest":{"function_hash":"162047016710286561014166243975017541613","length":809},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"pushGenericCommand","file":"src/t_list.c"}},{"id":"CVE-2021-32628-b6cb1b5e","deprecated":false,"signature_type":"Function","digest":{"function_hash":"263266771022276878817357085197690834045","length":2350},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"xaddCommand","file":"src/t_stream.c"}},{"id":"CVE-2021-32628-b706f104","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["250982122532079358754146037785897745408","283364816835013923766661816908547352058","81457738705579922018585731761905880746","79513166440052618151219075040837533899","269423261538255460886980716652914072376","130918808362170891593433373042479073199","113645945080694125006491732606098787738","94506643686344061482107593509636210230","139598671582448924683512737457462869144","207674720322574234076463970751186383663","9198769407778293045285123811123872602","323235824336655422379822867301793722402","285835579273974968687892731760460882218","228612794428184613930068829647502451611","279993597579990528049181054587334418055","321335138575290857667867543324109486468","127973287076990402473134039137525167310","309193392602207378614207396585087108197","11950358553789364313226684022157392714","251997356566027646400748654995723407244","228391877626034483441700424175860208674","136499363286471729919714697769091024672","37817138168459089748083366699839994373","64125791146697354221649356379549003209
","87446965919807842712218194404817012157","245611291182348996389467441784091433566","261849033514812517788044919055064315052","298248708429272973838107492081236769411","57271926300135858814577226386429076524","160500026225486866299952790337506573327","210501059035237548150537562595423053890","329924258112861499112476387891792600805","138771430106124441272069127371601044397","8821187989833122165312644879414386126","100954909795419123891071252790065998445","294030063407891041413367695668517742964","234204278832825309533114557553798302221","90739172576420442894680546534184995641","188424109757762392494905749524159250492"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/t_zset.c"}},{"id":"CVE-2021-32628-cdf742ac","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["72292482566148834012000618912210368031","325031419240253178036942024937355082097","255509595743686890355910317700592951091","275779194293982648146011495571087244052","47436238245233871449106196737985136849","35026163213989830206767743110825688363","302726123548352976104789974585754272371","135801311168932918499774931661834554148","312606358042403271572996756622954848190","89916009023167624747295594240656875744","58741712327766914764851443662106412430","91552763336979899063624863872212656700","136413113036240483727207215332138472446","116363217085679543192903239112644534601","210088501704161836337020437363680551515","294609441930946665328623209786798168215","226990167909708559446874936218504356387"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/t_list.c"}},{"id":"CVE-2021-32628-e870699e","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["74435646081275722299723196010566971905","68246649293747989281628623974082104813","99329104348290071453565437547767678057","2257009
13088614051919515300649198513211"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"file":"src/listpack.c"}},{"id":"CVE-2021-32628-eda5c9ae","deprecated":false,"signature_type":"Function","digest":{"function_hash":"175577866949753503047131411956016363047","length":945},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"linsertCommand","file":"src/t_list.c"}},{"id":"CVE-2021-32628-f0bc7778","deprecated":false,"signature_type":"Function","digest":{"function_hash":"333140670001780378370110421832451901535","length":1005},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"lremCommand","file":"src/t_list.c"}},{"id":"CVE-2021-32628-f233d282","deprecated":false,"signature_type":"Function","digest":{"function_hash":"179634473205533345697813392655128495910","length":2046},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"zsetAdd","file":"src/t_zset.c"}},{"id":"CVE-2021-32628-fbdfec93","deprecated":false,"signature_type":"Function","digest":{"function_hash":"30702052946324888488543236717270496274","length":294},"source":"https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3","signature_version":"v1","target":{"function":"zsetConvertToZiplistIfNeeded","file":"src/t_zset.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}