{"id":"CVE-2021-32761","details":"Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.13, 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.","modified":"2026-04-16T04:35:19.935874607Z","published":"2021-07-21T21:15:07.670Z","related":["GHSA-8wxq-j7rp-g8wj","openSUSE-SU-2024:11299-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-17"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210827-0004/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5001"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"595b5974f8865d5f77b8914336355472a619449d"},{"fixed":"021af7629590c638ae0d4867d4b397f6e0c38ec8"},{"introduced":"17dfd7cabbf7954f92b7a1243d4bb27fee5d4500"},{"fixed":"e0cf85b8484d0985cdd80fc295e4963ab3970877"},{"introduced":"445aa844b946a8f1bc21ac8554b44adb1ecb4018"},{"fixed":"db09f6eb2e70ae0661a0cd9ad9b58b9b566311a9"}],"database_specific":{"versions":[{"introduced":"2.2.0"},{"fixed":"5.0.13"},{"introduced":"6.0"},{"fixed":"6.0.15"},{"introduced":"6.2.0"},{"fixed":"6.2.5"}]}}],"versions":["6.0.0","6.0.1","6.0.10","6.0.11","6.0.12","6.0.13","6.0.14","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.0.7","6.0.8","6.0.9","6.2.0","6.2.1","6.2.2","6.2.3","6.2.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32761.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]
},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}