Bug 2011017 (CVE-2021-32626)
Summary: | CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | agerstmayr, amackenz, amasferr, apevec, astrouse, bcoca, bdettelb, caswilli, chazlett, chousekn, cmeyers, davidn, dbecker, drieden, fabian.deutsch, fedora, fpercoco, gblomqui, gghezzo, gparvin, hhorak, jal233, jawerner, jcammara, jhardy, jjoyce, jobarker, jorton, jramanat, jschluet, jwong, kaycoth, lhh, lpeer, mabashia, mburns, mgoodwin, mkudlej, mmagr, nathans, notting, osapryki, pahickey, rcollet, redis-maint, relrod, rhos-maint, rpetrell, sclewis, sdoran, slinaber, smcdonal, stcannon, tjochec, tkuratom, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | Flags: | astrouse:
needinfo+
astrouse: needinfo- |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | redis 6.2.6, redis 6.0.16, redis 5.0.14 | Doc Type: | If docs needed, set a value |
Doc Text: |
A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-15 02:08:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2012217, 2011214, 2011561, 2011562, 2011563, 2011564, 2011565, 2011566, 2011567, 2011568, 2011569, 2011570, 2011592, 2011645, 2011663, 2011743, 2012216, 2012364, 2012365, 2013313, 2013314, 2015079, 2015874, 2015875 | ||
Bug Blocks: | 2011061 |
Description
Pedro Sampaio
2021-10-05 18:47:02 UTC
Created redis tracking bugs for this issue: Affects: epel-7 [bug 2012217] Affects: fedora-all [bug 2012216] This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7 Via RHSA-2021:3873 https://access.redhat.com/errata/RHSA-2021:3873 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-32626 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3918 https://access.redhat.com/errata/RHSA-2021:3918 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7 Via RHSA-2021:3925 https://access.redhat.com/errata/RHSA-2021:3925 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:3947 https://access.redhat.com/errata/RHSA-2021:3947 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3944 https://access.redhat.com/errata/RHSA-2021:3944 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3946 https://access.redhat.com/errata/RHSA-2021:3946 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3945 https://access.redhat.com/errata/RHSA-2021:3945 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 7 Via RHSA-2021:3949 https://access.redhat.com/errata/RHSA-2021:3949 This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2021:3971 https://access.redhat.com/errata/RHSA-2021:3971 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 - ELS Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2021:3980 https://access.redhat.com/errata/RHSA-2021:3980 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8 Via RHSA-2021:4618 https://access.redhat.com/errata/RHSA-2021:4618 Can you please comment on: https://redhat.service-now.com/surl.do?n=INC2052240 |