Логотип exploitDog
bind:CVE-2021-32687
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2021-32687

Количество 12

Количество 12

ubuntu логотип

CVE-2021-32687

почти 4 года назад

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2021-32687

почти 4 года назад

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

CVSS3: 7.5
EPSS: Низкий
nvd логотип

CVE-2021-32687

почти 4 года назад

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2021-32687

почти 4 года назад

CVSS3: 7.5
EPSS: Низкий
debian логотип

CVE-2021-32687

почти 4 года назад

Redis is an open source, in-memory database that persists on disk. An ...

CVSS3: 7.5
EPSS: Низкий
fstec логотип

BDU:2021-05037

почти 4 года назад

Уязвимость параметра конфигурации set-max-intset-entries системы управления базами данных (СУБД) Redis, позволяющая нарушителю выполнить произвольный код

CVSS3: 7.5
EPSS: Низкий
rocky логотип

RLSA-2021:3945

почти 4 года назад

Important: redis:6 security update

EPSS: Низкий
rocky логотип

RLSA-2021:3918

почти 4 года назад

Important: redis:5 security update

EPSS: Низкий
oracle-oval логотип

ELSA-2021-3945

почти 4 года назад

ELSA-2021-3945: redis:6 security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2021-3918

почти 4 года назад

ELSA-2021-3918: redis:5 security update (IMPORTANT)

EPSS: Низкий
suse-cvrf логотип

openSUSE-SU-2021:3772-1

больше 3 лет назад

Security update for redis

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2021:3772-1

больше 3 лет назад

Security update for redis

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2021-32687

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

CVSS3: 7.5
1%
Низкий
почти 4 года назад
redhat логотип
CVE-2021-32687

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

CVSS3: 7.5
1%
Низкий
почти 4 года назад
nvd логотип
CVE-2021-32687

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.

CVSS3: 7.5
1%
Низкий
почти 4 года назад
msrc логотип
CVSS3: 7.5
1%
Низкий
почти 4 года назад
debian логотип
CVE-2021-32687

Redis is an open source, in-memory database that persists on disk. An ...

CVSS3: 7.5
1%
Низкий
почти 4 года назад
fstec логотип
BDU:2021-05037

Уязвимость параметра конфигурации set-max-intset-entries системы управления базами данных (СУБД) Redis, позволяющая нарушителю выполнить произвольный код

CVSS3: 7.5
1%
Низкий
почти 4 года назад
rocky логотип
RLSA-2021:3945

Important: redis:6 security update

почти 4 года назад
rocky логотип
RLSA-2021:3918

Important: redis:5 security update

почти 4 года назад
oracle-oval логотип
ELSA-2021-3945

ELSA-2021-3945: redis:6 security update (IMPORTANT)

почти 4 года назад
oracle-oval логотип
ELSA-2021-3918

ELSA-2021-3918: redis:5 security update (IMPORTANT)

почти 4 года назад
suse-cvrf логотип
openSUSE-SU-2021:3772-1

Security update for redis

больше 3 лет назад
suse-cvrf логотип
SUSE-SU-2021:3772-1

Security update for redis

больше 3 лет назад

Уязвимостей на страницу