{"id":"USN-5221-1","summary":"redis vulnerabilities","details":"It was discovered that Redis incorrectly handled certain specially crafted\nLua scripts. A remote attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2021-32626)\n\nIt was discovered that Redis incorrectly handled some malformed requests\nwhen using Redis Lua Debugger. A remote attacker could possibly use this\nissue to cause a denial of service or other unspecified impact. This issue\nonly affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32672)\n\nIt was discovered that Redis incorrectly handled certain Redis Standard\nProtocol (RESP) requests. A remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2021-32675)\n\nIt was discovered that Redis incorrectly handled some configuration\nparameters with specially crafted network payloads. A remote attacker\ncould possibly use this issue to cause a denial of service or execute\narbitrary code. Vulnerabilities CVE-2021-32627 and CVE-2021-41099\nonly affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.\n(CVE-2021-32627, CVE-2021-32628, CVE-2021-32687, CVE-2021-41099).\n\nIt was discovered that Redis incorrectly handled memory when processing\ncertain input in 32-bit systems. A remote attacker could possibly use\nthis issue to cause a denial of service or execute arbitrary code.\nOne vulnerability (CVE-2021-32761) only affected Ubuntu 14.04 ESM,\nUbuntu 16.04 ESM and Ubuntu 18.04 ESM and another vulnerability\n(CVE-2021-21309) only affected Ubuntu 18.04 ESM.\n(CVE-2021-32761, CVE-2021-21309).\n","modified":"2026-02-10T04:42:25Z","published":"2022-08-03T10:10:42Z","related":["UBUNTU-CVE-2021-21309","UBUNTU-CVE-2021-32626","UBUNTU-CVE-2021-32627","UBUNTU-CVE-2021-32628","UBUNTU-CVE-2021-32672","UBUNTU-CVE-2021-32675","UBUNTU-CVE-2021-32687","UBUNTU-CVE-2021-32761","UBUNTU-CVE-2021-41099"],"upstream":["CVE-2021-21309","CVE-2021-32626","CVE-2021-32627","CVE-2021-32628","CVE-2021-32672","CVE-2021-32675","CVE-2021-32687","CVE-2021-32761","CVE-2021-41099","UBUNTU-CVE-2021-21309","UBUNTU-CVE-2021-32626","UBUNTU-CVE-2021-32627","UBUNTU-CVE-2021-32628","UBUNTU-CVE-2021-32672","UBUNTU-CVE-2021-32675","UBUNTU-CVE-2021-32687","UBUNTU-CVE-2021-32761","UBUNTU-CVE-2021-41099"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5221-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-21309"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32626"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32627"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32628"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32672"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32675"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32687"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32761"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41099"}],"affected":[{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm2?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.8.4-2ubuntu0.2+esm2"}]}],"versions":["2:2.6.13-1","2:2.6.16-3","2:2.8.0-1","2:2.8.2-1","2:2.8.4-2","2:2.8.4-2ubuntu0.2","2:2.8.4-2ubuntu0.2+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"redis-server","binary_version":"2:2.8.4-2ubuntu0.2+esm2"},{"binary_name":"redis-tools","binary_version":"2:2.8.4-2ubuntu0.2+esm2"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2021-32626","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32628","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32675","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32687","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32761","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5221-1.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.0.6-1ubuntu0.4+esm1"}]}],"versions":["2:3.0.3-3","2:3.0.5-1","2:3.0.5-2","2:3.0.5-3","2:3.0.5-4","2:3.0.6-1","2:3.0.6-1ubuntu0.2","2:3.0.6-1ubuntu0.3","2:3.0.6-1ubuntu0.4"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"redis-sentinel","binary_version":"2:3.0.6-1ubuntu0.4+esm1"},{"binary_name":"redis-server","binary_version":"2:3.0.6-1ubuntu0.4+esm1"},{"binary_name":"redis-tools","binary_version":"2:3.0.6-1ubuntu0.4+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2021-32626","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32628","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32675","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32687","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32761","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5221-1.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm3?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5:4.0.9-1ubuntu0.2+esm3"}]}],"versions":["4:4.0.1-7","4:4.0.2-6","4:4.0.2-9","5:4.0.5-1","5:4.0.6-1","5:4.0.6-2","5:4.0.7-1","5:4.0.8-1","5:4.0.8-2","5:4.0.9-1","5:4.0.9-1ubuntu0.1","5:4.0.9-1ubuntu0.2","5:4.0.9-1ubuntu0.2+esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"redis","binary_version":"5:4.0.9-1ubuntu0.2+esm3"},{"binary_name":"redis-sentinel","binary_version":"5:4.0.9-1ubuntu0.2+esm3"},{"binary_name":"redis-server","binary_version":"5:4.0.9-1ubuntu0.2+esm3"},{"binary_name":"redis-tools","binary_version":"5:4.0.9-1ubuntu0.2+esm3"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2021-21309","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32626","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32627","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32628","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32672","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32675","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32687","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32761","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-41099","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5221-1.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5:5.0.7-2ubuntu0.1+esm1"}]}],"versions":["5:5.0.5-2build1","5:5.0.6-1","5:5.0.7-1","5:5.0.7-2","5:5.0.7-2ubuntu0.1~esm1","5:5.0.7-2ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"redis","binary_version":"5:5.0.7-2ubuntu0.1+esm1"},{"binary_name":"redis-sentinel","binary_version":"5:5.0.7-2ubuntu0.1+esm1"},{"binary_name":"redis-server","binary_version":"5:5.0.7-2ubuntu0.1+esm1"},{"binary_name":"redis-tools","binary_version":"5:5.0.7-2ubuntu0.1+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2021-32626","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32627","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32628","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32672","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32675","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-32687","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-41099","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5221-1.json"}}],"schema_version":"1.7.3"}