Логотип exploitDog
bind:CVE-2021-32675
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2021-32675

Количество 12

Количество 12

ubuntu логотип

CVE-2021-32675

почти 4 года назад

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate u...

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2021-32675

почти 4 года назад

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate u...

CVSS3: 7.5
EPSS: Низкий
nvd логотип

CVE-2021-32675

почти 4 года назад

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate usin

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2021-32675

почти 4 года назад

CVSS3: 7.5
EPSS: Низкий
debian логотип

CVE-2021-32675

почти 4 года назад

Redis is an open source, in-memory database that persists on disk. Whe ...

CVSS3: 7.5
EPSS: Низкий
fstec логотип

BDU:2021-04962

почти 4 года назад

Уязвимость сервера системы управления базами данных (СУБД) Redis, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5
EPSS: Низкий
rocky логотип

RLSA-2021:3945

почти 4 года назад

Important: redis:6 security update

EPSS: Низкий
rocky логотип

RLSA-2021:3918

почти 4 года назад

Important: redis:5 security update

EPSS: Низкий
oracle-oval логотип

ELSA-2021-3945

почти 4 года назад

ELSA-2021-3945: redis:6 security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2021-3918

почти 4 года назад

ELSA-2021-3918: redis:5 security update (IMPORTANT)

EPSS: Низкий
suse-cvrf логотип

openSUSE-SU-2021:3772-1

больше 3 лет назад

Security update for redis

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2021:3772-1

больше 3 лет назад

Security update for redis

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2021-32675

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate u...

CVSS3: 7.5
3%
Низкий
почти 4 года назад
redhat логотип
CVE-2021-32675

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate u...

CVSS3: 7.5
3%
Низкий
почти 4 года назад
nvd логотип
CVE-2021-32675

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate usin

CVSS3: 7.5
3%
Низкий
почти 4 года назад
msrc логотип
CVSS3: 7.5
3%
Низкий
почти 4 года назад
debian логотип
CVE-2021-32675

Redis is an open source, in-memory database that persists on disk. Whe ...

CVSS3: 7.5
3%
Низкий
почти 4 года назад
fstec логотип
BDU:2021-04962

Уязвимость сервера системы управления базами данных (СУБД) Redis, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5
3%
Низкий
почти 4 года назад
rocky логотип
RLSA-2021:3945

Important: redis:6 security update

почти 4 года назад
rocky логотип
RLSA-2021:3918

Important: redis:5 security update

почти 4 года назад
oracle-oval логотип
ELSA-2021-3945

ELSA-2021-3945: redis:6 security update (IMPORTANT)

почти 4 года назад
oracle-oval логотип
ELSA-2021-3918

ELSA-2021-3918: redis:5 security update (IMPORTANT)

почти 4 года назад
suse-cvrf логотип
openSUSE-SU-2021:3772-1

Security update for redis

больше 3 лет назад
suse-cvrf логотип
SUSE-SU-2021:3772-1

Security update for redis

больше 3 лет назад

Уязвимостей на страницу