How severe is CVE-2021-32625?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-32625?

This is classified as CWE-680, which is a common weakness in software security.

CVE-2021-32625

HIGH Year: 2021

CVSS v3 Score

8.8

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-680

View all →

Vulnerability Description

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).

CVE-2019-5087

HIGH

CVSS:8.8(High)

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row...

CWE-6802019

CVE-2020-10929

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vuln...

CWE-6802020

CVE-2020-6099

HIGH

CVSS:8.8(High)

An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow res...

CWE-6802020

CVE-2020-6116

HIGH

CVSS:8.8(High)

An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colors...

CWE-6802020

CVE-2021-21834

HIGH

CVSS:8.8(High)

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the...

CWE-6802021

CVE-2021-21835

HIGH

CVSS:8.8(High)

CWE-6802021

CVE-2021-32625

Vulnerability Description

Related Vulnerabilities

CVE-2019-5087

CVE-2020-10929

CVE-2020-6099

CVE-2020-6116

CVE-2021-21834

CVE-2021-21835