{"id":"CVE-2021-32761","details":"Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.13, 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.","modified":"2026-04-11T12:36:30.993319Z","published":"2021-07-21T21:15:07.670Z","related":["GHSA-8wxq-j7rp-g8wj","MGASA-2021-0373","openSUSE-SU-2024:11299-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"10.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"11.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"33"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"34"}],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-17"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210827-0004/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5001"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"595b5974f8865d5f77b8914336355472a619449d"},{"fixed":"021af7629590c638ae0d4867d4b397f6e0c38ec8"},{"introduced":"17dfd7cabbf7954f92b7a1243d4bb27fee5d4500"},{"fixed":"e0cf85b8484d0985cdd80fc295e4963ab3970877"},{"introduced":"445aa844b946a8f1bc21ac8554b44adb1ecb4018"},{"fixed":"db09f6eb2e70ae0661a0cd9ad9b58b9b566311a9"}],"database_specific":{"cpe":"cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.2.0"},{"fixed":"5.0.13"},{"introduced":"6.0"},{"fixed":"6.0.15"},{"introduced":"6.2.0"},{"fixed":"6.2.5"}],"source":"CPE_FIELD"}}],"versions":["6.0.0","6.0.1","6.0.10","6.0.11","6.0.12","6.0.13","6.0.14","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.0.7","6.0.8","6.0.9","6.2.0","6.2.1","6.2.2","6.2.3","6.2.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32761.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}