CVE-2021-32627

7.5 HIGH

📋 TL;DR

CVE-2021-32627 is an integer overflow vulnerability in Redis that allows remote attackers to corrupt heap memory by setting configuration parameters to very large values and sending specially crafted stream elements. This can potentially lead to remote code execution. All Redis users running affected versions are vulnerable if attackers can modify configuration parameters.

💻 Affected Systems

Products:
  • Redis
Versions: All versions before 6.2.6, 6.0.16, and 5.0.14
Operating Systems: All operating systems running Redis
Default Config Vulnerable: ✅ No
Notes: Requires attackers to modify proto-max-bulk-len and client-query-buffer-limit configuration parameters to exploit.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with full compromise of the Redis server, potentially leading to data theft, system takeover, or lateral movement.

🟠

Likely Case

Denial of service through heap corruption causing Redis crashes, with potential for information disclosure from memory.

🟢

If Mitigated

Limited impact if ACL restrictions prevent unauthorized configuration changes, though DoS may still be possible.

🌐 Internet-Facing: HIGH - Redis instances exposed to the internet are directly vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal Redis instances are vulnerable to authenticated attackers or those who gain initial access to the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to modify Redis configuration parameters via CONFIG SET command.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Redis 6.2.6, 6.0.16, or 5.0.14

Vendor Advisory: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v

Restart Required: Yes

Instructions:

1. Download the patched Redis version from the official repository.
2. Stop the Redis service.
3. Install the patched version.
4. Restart the Redis service.
5. Verify the version with 'redis-server --version'.

🔧 Temporary Workarounds

ACL Restriction for CONFIG SET

Prevent unprivileged users from modifying configuration parameters using Redis ACL.

ACL SETUSER <username> -@all +ping +info +get +set +... (exclude +config)

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Redis from untrusted networks
  • Use Redis ACL to restrict all users from using CONFIG SET command

🔍 How to Verify

Check if Vulnerable:

Check the Redis version with 'redis-server --version' or 'redis-cli info server | grep redis_version'. If the version is earlier than 6.2.6, 6.0.16 or 5.0.14 (whichever release line is in use), the system is vulnerable.

Check Version:

redis-server --version

Verify Fix Applied:

Confirm with 'redis-server --version' that the running version is 6.2.6, 6.0.16 or 5.0.14 or later on its release line.
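The version check above has to be done per release line (6.0.16 is fixed even though it sorts before 6.2.6), which is easy to get wrong in a one-line grep. The script below is an added example, not part of this advisory or of the Redis project: it extracts the version from either 'redis-server --version' output or the 'redis_version:' line of INFO server and compares it against the fix release for its branch. Branches with no listed fix (for example 6.1.x or 4.0.x) are compared against the newest fix release, following the advisory's "all versions before 6.2.6, 6.0.16, and 5.0.14" statement; that mapping is this example's assumption.

```python
"""Branch-aware Redis version check for CVE-2021-32627 (added example)."""
import re
import subprocess
from typing import Optional, Tuple

# Fix releases listed on the advisory, keyed by the (major, minor) branch they belong to.
FIXED_BY_BRANCH = {
    (6, 2): (6, 2, 6),
    (6, 0): (6, 0, 16),
    (5, 0): (5, 0, 14),
}
# Assumption: a branch without a listed fix is judged against the newest fix release,
# so 6.1.x / 4.x count as affected and 7.x as not affected.
NEWEST_FIX = max(FIXED_BY_BRANCH.values())  # (6, 2, 6)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def extract_version(text: str) -> Optional[str]:
    """Return the first X.Y.Z found in `redis-server --version` output
    ("Redis server v=6.2.5 sha=...") or in an INFO server line
    ("redis_version:6.2.5"); None if no version string is present."""
    m = _VERSION_RE.search(text)
    return m.group(0) if m else None


def parse_version(version: str) -> Tuple[int, int, int]:
    """Split 'X.Y.Z' into a comparable integer tuple."""
    major, minor, patch = (int(p) for p in version.split(".")[:3])
    return major, minor, patch


def is_vulnerable(version: str) -> bool:
    """True when `version` is older than the fix release for its branch."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2], NEWEST_FIX)
    return v < fixed


def assess(output: str) -> str:
    """Classify raw tool output as 'vulnerable', 'fixed' or 'unknown'."""
    version = extract_version(output)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "fixed"


if __name__ == "__main__":
    # Run the local binary if present; otherwise just report that nothing was found.
    try:
        out = subprocess.run(["redis-server", "--version"],
                             capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        out = ""
    print(f"{out.strip() or '(redis-server not found)'}: {assess(out)}")
```

Feed `assess()` the captured output of either command; on a fleet, collect 'redis_version:' lines centrally and map them through `is_vulnerable()` rather than comparing strings lexically.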

📡 Detection & Monitoring

Log Indicators:

  • Unusual CONFIG SET commands in Redis logs
  • Redis crashes with heap corruption errors
  • Large stream element operations

Network Indicators:

  • Multiple CONFIG SET commands from single source
  • Unusually large payloads sent to Redis

SIEM Query:

source="redis.logs" AND ("CONFIG SET proto-max-bulk-len" OR "CONFIG SET client-query-buffer-limit")
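The SIEM query above only fires on literal strings; to act on the "multiple CONFIG SET commands from a single source" and "very large values" indicators you need to parse the commands. The following is an added example, not part of this advisory or of the Redis project. It assumes command telemetry captured in the MONITOR output format (the Redis server log file does not record individual commands), parses each line, raises an alert for every CONFIG SET that touches proto-max-bulk-len or client-query-buffer-limit, and rates an alert "high" when the value exceeds an assumed threshold of 1 GiB (the larger of the two documented defaults, 512mb and 1gb). The sample lines, addresses and threshold are constructed for the example.

```python
"""Flag CONFIG SET changes to the CVE-2021-32627 parameters in Redis MONITOR output (added example)."""
import re
from collections import Counter
from typing import Dict, List, Optional

WATCHED_PARAMS = {"proto-max-bulk-len", "client-query-buffer-limit"}

# Assumed alerting threshold: anything above the larger documented default (1gb) is "very large".
LARGE_VALUE_BYTES = 1024 ** 3

# MONITOR line shape: <unix time> [<db> <client addr>] "CMD" "arg" "arg" ...
_MONITOR_RE = re.compile(r"^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<addr>\S+)\] (?P<args>.*)$")
_ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Redis memory-unit suffixes: 1k = 1000 bytes, 1kb = 1024 bytes, and so on.
_UNITS = {"": 1, "b": 1, "k": 1000, "kb": 1024, "m": 1000 ** 2, "mb": 1024 ** 2,
          "g": 1000 ** 3, "gb": 1024 ** 3}

# Constructed sample telemetry: one client changes both watched parameters, another does routine work.
SAMPLE_MONITOR_LINES = [
    '1700000000.100000 [0 10.0.0.7:40212] "GET" "session:42"',
    '1700000000.200000 [0 10.0.0.5:51000] "CONFIG" "SET" "proto-max-bulk-len" "2gb"',
    '1700000000.300000 [0 10.0.0.5:51000] "CONFIG" "SET" "client-query-buffer-limit" "3000000000"',
    '1700000000.400000 [0 10.0.0.7:40212] "CONFIG" "SET" "maxmemory" "2gb"',
    '1700000000.500000 [0 10.0.0.7:40212] "CONFIG" "GET" "proto-max-bulk-len"',
]


def parse_memory(value: str) -> Optional[int]:
    """Convert a Redis memory value ('4gb', '1k', '4294967296') to bytes; None if unparseable."""
    m = re.fullmatch(r"(\d+)([a-z]*)", value.strip().lower())
    if not m or m.group(2) not in _UNITS:
        return None
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_monitor_line(line: str) -> Optional[Dict]:
    """Split one MONITOR line into timestamp, client address and argument list."""
    m = _MONITOR_RE.match(line.strip())
    if not m:
        return None
    return {"ts": float(m.group("ts")), "addr": m.group("addr"),
            "args": _ARG_RE.findall(m.group("args"))}


def scan(lines: List[str]) -> List[Dict]:
    """Return one alert per CONFIG SET that targets a watched parameter."""
    alerts = []
    for line in lines:
        rec = parse_monitor_line(line)
        if not rec or len(rec["args"]) < 4:
            continue
        cmd, sub, param, value = (a.lower() for a in rec["args"][:4])
        if cmd != "config" or sub != "set" or param not in WATCHED_PARAMS:
            continue
        nbytes = parse_memory(value)
        severity = "high" if nbytes is not None and nbytes > LARGE_VALUE_BYTES else "medium"
        alerts.append({"ts": rec["ts"], "addr": rec["addr"], "param": param,
                       "value": value, "bytes": nbytes, "severity": severity})
    return alerts


def repeated_sources(alerts: List[Dict], min_count: int = 2) -> List[str]:
    """Client addresses responsible for at least `min_count` alerts (the 'single source' indicator)."""
    counts = Counter(a["addr"] for a in alerts)
    return sorted(addr for addr, n in counts.items() if n >= min_count)


if __name__ == "__main__":
    found = scan(SAMPLE_MONITOR_LINES)
    for a in found:
        print(f"[{a['severity']}] {a['addr']} set {a['param']} = {a['value']}")
    print("repeat offenders:", repeated_sources(found))
```

In production, stream MONITOR (or an equivalent command audit feed) into this parser rather than the sample list, and treat a "high" alert from a client that is not your configuration-management tooling as an incident trigger regardless of whether the instance has been patched.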
