How severe is CVE-2021-32626?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-32626?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2021-32626 - HIGH Severity | CVSS 8.8

Vulnerability Description

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

Related Vulnerabilities

CVE-2015-6457

HIGH

CVSS:8.8(High)

Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.

CWE-1222015

CVE-2016-9580

HIGH

CVSS:8.8(High)

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

CWE-1222016

CVE-2016-9581

HIGH

CVSS:8.8(High)

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

CWE-1222016

CVE-2017-12704

HIGH

CVSS:8.8(High)

A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validatio...

CWE-1222017

CVE-2017-13090

HIGH

CVSS:8.8(High)

The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but does...

CWE-1222017

CVE-2017-6037

HIGH

CVSS:8.8(High)

A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run ...

CWE-1222017