DEBIAN-CVE-2021-32672

DEBIAN-CVE-2021-32672 PUBLISHED CVSS 4.300000190734863 MEDIUM

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:14	redis	0, 0, 0
Debian:11	redis	0, 6.0.15-1, 6.0.16-1
Debian:13	redis	0, 0, 0
Debian:12	redis	0, 0, 0

Exploit Intelligence

cve_db.json (github-poc)

Timeline

Oct 4, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-32672 advisory

Open in Interactive Console →