{"id":"CVE-2021-32672","details":"Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.","aliases":["BIT-keydb-2021-32672","BIT-redis-2021-32672","BIT-valkey-2021-32672"],"modified":"2026-04-16T04:36:06.064535711Z","published":"2021-10-04T18:15:08.780Z","related":["GHSA-9mj9-xx53-qmxm","SUSE-SU-2021:3772-1","openSUSE-SU-2021:3772-1","openSUSE-SU-2024:11563-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-17"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5001"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20211104-0003/"},{"type":"FIX","url":"https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"7ca8fbabe2081b0c8f72074cdd8dd7ef1863b86c"},{"fixed":"704ba5f5b22ae1ecafbcfb7a3258311c27ff94ff"},{"introduced":"17dfd7cabbf7954f92b7a1243d4bb27fee5d4500"},{"fixed":"5895d119b1c2825ff0394f30e246e036c3972bc5"},{"introduced":"445aa844b946a8f1bc21ac8554b44adb1ecb4018"},{"fixed":"4930d19e70c391750479951022e207e19111eb55"},{"introduced":"0"},{"last_affected":"e91a340e241cf0abe3c6a0c254214fbe4aa1d95f"},{"introduced":"0"},{"last_affected":"882ca6962f4ca32683b0e8db831de1b425c27d3c"},{"fixed":"6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"}],"database_specific":{"versions":[{"introduced":"3.2.0"},{"fixed":"5.0.14"},{"introduced":"6.0.0"},{"fixed":"6.0.16"},{"introduced":"6.2.0"},{"fixed":"6.2.6"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"5.0"}]}}],"versions":["1.3.6","2.2-alpha0","2.2-alpha1","2.2-alpha2","2.2-alpha3","2.2-alpha4","2.2-alpha5","2.2-alpha6","2.2.0-rc1","2.3-alpha0","5.0-rc1","5.0-rc2","5.0-rc3","5.0-rc4","5.0-rc5","5.0-rc6","5.0.0","5.0.1","5.0.10","5.0.11","5.0.12","5.0.13","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.0.9","6.0.0","6.0.1","6.0.10","6.0.11","6.0.12","6.0.13","6.0.14","6.0.15","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.0.7","6.0.8","6.0.9","6.2.0","6.2.1","6.2.2","6.2.3","6.2.4","6.2.5","8.0-m01","8.0-m02","8.0-m03","8.0-m04","8.0-m04-int","8.0-rc1","8.0-rc1-int","8.0-rc1-int2","8.0-rc2-int","8.0.0","v1.3.10","v1.3.11","v1.3.7","v1.3.8","v1.3.9","v2.0.0-rc1","v2.1.1-watch","vm-playpen"],"database_specific":{"vanir_signatures_modified":"2026-04-11T17:25:54Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32672.json","vanir_signatures":[{"signature_version":"v1","signature_type":"Function","source":"https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd","digest":{"length":976,"function_hash":"317564125385647258631515446476228874390"},"id":"CVE-2021-32672-01c69a01","deprecated":false,"target":{"file":"src/scripting.c","function":"ldbReplParseCommand"}},{"signature_version":"v1","digest":{"line_hashes":["120823697845019607967104986639700798388","337405370187524436283833662412188245874","52976036462305738424998361523712302715","115907040841008265734411993486152633984","256846541954209937173634192563606273301","297633993523308980491455845083339034562","191242670694469571052606084491816143893","85858321810069706237631181945602266083","22844239357405574869750516618680663975","62647965359387630850995374088275454075","130586143788112339966721377047393629423","62874166062077122208860006585632891800","63301309297223767187549666536846522567","295908773895324095532999580993573466312","109254972476570952022113907303005028396","210840498263843464085399252211921254403","184002517942049753791096239650357057129","87423852731040584958789893474557578187","174632260599682992664098521937441152434","145318702385646759471267174713706020286","143309227430553277608858302547395403419","27581698092889084160877172864466405694","301169613490832553977890726859332140605","117335125399649687496828982355804482076","105177812853954267859358698104382414315","271536164718951338784576564582849116746","303216379372443720130594988358165675928","295979210924331036103030261793518313731","72717110345814622862430976133406604053","176078479171233001523192828403324918169","112380243225641015549815642922215107898","296981066181595428244653779350797435253","338699234530122151201822880434941882731"],"threshold":0.9},"source":"https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd","target":{"file":"src/scripting.c"},"id":"CVE-2021-32672-a6a86b05","deprecated":false,"signature_type":"Line"},{"signature_version":"v1","signature_type":"Function","source":"https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd","digest":{"length":4875,"function_hash":"316168307147346159691763691724516844826"},"id":"CVE-2021-32672-deba9155","deprecated":false,"target":{"file":"src/scripting.c","function":"ldbRepl"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}