Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

SUSE: Security Advisory (SUSE-SU-2021:3772-1)

Information

Severity

Severity

Critical

Family

Family

SuSE Local Security Checks

CVSSv2 Base

CVSSv2 Base

9.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

2 years ago

Modified

Modified

2 years ago

Summary

The remote host is missing an update for the 'redis' package(s) announced via the SUSE-SU-2021:3772-1 advisory.

Insight

Insight

This update for redis fixes the following issues: CVE-2021-32627: Fixed integer to heap buffer overflows with streams (bsc#1191305). CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types (bsc#1191305). CVE-2021-32687: Fixed integer to heap buffer overflow with intsets (bsc#1191302). CVE-2021-32762: Fixed integer to heap buffer overflow issue in redis-cli and redis-sentinel (bsc#1191300). CVE-2021-32626: Fixed heap buffer overflow caused by specially crafted Lua scripts (bsc#1191306). CVE-2021-32672: Fixed random heap reading issue with Lua Debugger (bsc#1191304). CVE-2021-32675: Fixed Denial Of Service when processing RESP request payloads with a large number of elements on many connections (bsc#1191303). CVE-2021-41099: Fixed integer to heap buffer overflow handling certain string commands and network payloads (bsc#1191299).

Affected Software

Affected Software

'redis' package(s) on SUSE Linux Enterprise Module for Server Applications 15-SP2, SUSE Linux Enterprise Module for Server Applications 15-SP3.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

Please install the updated package(s).