{"id":"MGASA-2021-0483","summary":"Updated redis packages fix security vulnerability","details":"CVE-2021-32626: Specially crafted Lua scripts executing in Redis can cause\nthe heap-based Lua stack to be overflowed, due to incomplete checks for this\ncondition. This can result with heap corruption and potentially remote code\nexecution.\nCVE-2021-32627: An integer overflow bug in Redis 5.0 or newer can be exploited\nto corrupt the heap and potentially result with remote code execution.\nCVE-2021-32628: An integer overflow bug in the ziplist data structure used by\nall versions of Redis can be exploited to corrupt the heap and potentially\nresult with remote code execution.\nCVE-2021-32672: When using the Redis Lua Debugger, users can send malformed\nrequests that cause the debugger’s protocol parser to read data beyond the\nactual buffer.\nCVE-2021-32675: When parsing an incoming Redis Standard Protocol (RESP)\nrequest, Redis allocates memory according to user-specified values which\ndetermine the number of elements (in the multi-bulk header) and size of each\nelement (in the bulk header).\nCVE-2021-32687: An integer overflow bug affecting all versions of Redis can\nbe exploited to corrupt the heap and potentially be used to leak arbitrary\ncontents of the heap or trigger remote code execution.\nCVE-2021-32762: The redis-cli command line tool and redis-sentinel service\nmay be vulnerable to integer overflow when parsing specially crafted large\nmulti-bulk network replies.\nCVE-2021-41099: An integer overflow bug in the underlying string library can\nbe used to corrupt the heap and potentially result with denial of service or\nremote code execution.\n","modified":"2026-02-01T18:51:09.359997Z","published":"2021-10-20T21:28:32Z","related":["CVE-2021-32626","CVE-2021-32627","CVE-2021-32628","CVE-2021-32672","CVE-2021-32675","CVE-2021-32687","CVE-2021-32762","CVE-2021-41099"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0483.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29552"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"}],"affected":[{"package":{"name":"redis","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/redis?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.16-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0483.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}