{"id":"CVE-2021-32672","details":"Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.","aliases":["BIT-keydb-2021-32672","BIT-redis-2021-32672","BIT-valkey-2021-32672","GHSA-9mj9-xx53-qmxm"],"modified":"2026-05-18T21:07:02.967370Z","published":"2021-10-04T18:15:08.780Z","related":["SUSE-SU-2021:3772-1","openSUSE-SU-2021:3772-1","openSUSE-SU-2024:11563-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"10.0"},{"last_affected":"11.0"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"33"},{"last_affected":"34"},{"last_affected":"35"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:communications_operations_monitor","extracted_events":[{"last_affected":"4.3"},{"last_affected":"4.4"},{"last_affected":"5.0"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux","extracted_events":[{"last_affected":"8.0"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-17"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20211104-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5001"},{"type":"FIX","url":"https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"7ca8fbabe2081b0c8f72074cdd8dd7ef1863b86c"},{"fixed":"704ba5f5b22ae1ecafbcfb7a3258311c27ff94ff"},{"introduced":"17dfd7cabbf7954f92b7a1243d4bb27fee5d4500"},{"fixed":"5895d119b1c2825ff0394f30e246e036c3972bc5"},{"introduced":"445aa844b946a8f1bc21ac8554b44adb1ecb4018"},{"fixed":"4930d19e70c391750479951022e207e19111eb55"},{"fixed":"6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.2.0"},{"fixed":"5.0.14"},{"introduced":"6.0.0"},{"fixed":"6.0.16"},{"introduced":"6.2.0"},{"fixed":"6.2.6"}]}}],"versions":["6.2.5","6.0.15","6.0.14","6.2.4","6.2.3","6.0.13","6.2.2","6.0.12","6.2.1","6.2.0","6.0.11","6.0.10","6.0.9","6.0.8","6.0.7","6.0.6","6.0.5","6.0.4","6.0.3","6.0.2","6.0.1","6.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32672.json","vanir_signatures":[{"id":"CVE-2021-32672-01c69a01","source":"https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd","digest":{"length":976,"function_hash":"317564125385647258631515446476228874390"},"deprecated":false,"signature_version":"v1","signature_type":"Function","target":{"file":"src/scripting.c","function":"ldbReplParseCommand"}},{"id":"CVE-2021-32672-a6a86b05","source":"https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd","digest":{"line_hashes":["120823697845019607967104986639700798388","337405370187524436283833662412188245874","52976036462305738424998361523712302715","115907040841008265734411993486152633984","256846541954209937173634192563606273301","297633993523308980491455845083339034562","191242670694469571052606084491816143893","85858321810069706237631181945602266083","22844239357405574869750516618680663975","62647965359387630850995374088275454075","130586143788112339966721377047393629423","62874166062077122208860006585632891800","63301309297223767187549666536846522567","295908773895324095532999580993573466312","109254972476570952022113907303005028396","210840498263843464085399252211921254403","184002517942049753791096239650357057129","87423852731040584958789893474557578187","174632260599682992664098521937441152434","145318702385646759471267174713706020286","143309227430553277608858302547395403419","27581698092889084160877172864466405694","301169613490832553977890726859332140605","117335125399649687496828982355804482076","105177812853954267859358698104382414315","271536164718951338784576564582849116746","303216379372443720130594988358165675928","295979210924331036103030261793518313731","72717110345814622862430976133406604053","176078479171233001523192828403324918169","112380243225641015549815642922215107898","296981066181595428244653779350797435253","338699234530122151201822880434941882731"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"src/scripting.c"}},{"id":"CVE-2021-32672-deba9155","source":"https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd","digest":{"length":4875,"function_hash":"316168307147346159691763691724516844826"},"deprecated":false,"signature_version":"v1","signature_type":"Function","target":{"file":"src/scripting.c","function":"ldbRepl"}}],"vanir_signatures_modified":"2026-05-18T21:07:02Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}