9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.023 Low
EPSS
Percentile
89.8%
The Redis Team reports:
CVE-2021-41099
Integer to heap buffer overflow handling certain string commands
and network payloads, when proto-max-bulk-len is manually configured.
CVE-2021-32762
Integer to heap buffer overflow issue in redis-cli and redis-sentinel
parsing large multi-bulk replies on some older and less common platforms.
CVE-2021-32687
Integer to heap buffer overflow with intsets, when set-max-intset-entries
is manually configured to a non-default, very large value.
CVE-2021-32675
Denial Of Service when processing RESP request payloads with a large
number of elements on many connections.
CVE-2021-32672
Random heap reading issue with Lua Debugger.
CVE-2021-32628
Integer to heap buffer overflow handling ziplist-encoded data types,
when configuring a large, non-default value for hash-max-ziplist-entries,
hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value.
CVE-2021-32627
Integer to heap buffer overflow issue with streams, when configuring
a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit.
CVE-2021-32626
Specially crafted Lua scripts may result with Heap buffer overflow.
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.023 Low
EPSS
Percentile
89.8%