Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2021-32626

Опубликовано: 14 окт. 2021
Источник: msrc
CVSS3: 8.8
EPSS Низкий

Описание

Lua scripts can overflow the heap-based Lua stack in Redis

EPSS

Процентиль: 78%
0.01172
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-32626

CVSS3: 7.5
ubuntu
около 4 лет назад

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

redhat логотип

CVE-2021-32626

CVSS3: 7.5
redhat
около 4 лет назад

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

nvd логотип

CVE-2021-32626

CVSS3: 7.5
nvd
около 4 лет назад

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

debian логотип

CVE-2021-32626

CVSS3: 7.5
debian
около 4 лет назад

Redis is an open source, in-memory database that persists on disk. In ...

fstec логотип

BDU:2021-05031

CVSS3: 7.5
fstec
около 4 лет назад

Уязвимость интерпретатора скриптов Lua системы управления базами данных Redis. позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 78%
0.01172
Низкий

8.8 High

CVSS3