vulnerability

FreeBSD: VID-c561ce49-eabc-11eb-9c3f-0800270512f4 (CVE-2021-32761): redis -- Integer overflow issues with BITFIELD command on 32-bit systems

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:S/C:P/I:P/A:P)	Jul 27, 2021	Nov 4, 2022	Mar 25, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:P)

Published

Jul 27, 2021

Added

Nov 4, 2022

Modified

Mar 25, 2026

Description

Huang Zhw reports: On 32-bit versions, Redis BITFIELD command is vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves constructing specially crafted bit commands which overflow the bit offset. This problem only affects 32-bit versions of Redis.

Solutions

freebsd-upgrade-package-redisfreebsd-upgrade-package-redis-develfreebsd-upgrade-package-redis5

References

CVE-2021-32761
https://attackerkb.com/topics/CVE-2021-32761
CWE-125
CWE-680
CWE-190
EUVD-EUVD-2021-19529
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-19529

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today