What is CVE-2021-32628?

CVE-2021-32628 is a high-severity vulnerability in Netapp Management_services_for_element_software, classified under Integer Overflow or Wraparound. CVSS score: 7.5/10. Published 2021-10-04.

How severe is CVE-2021-32628?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2021-32628 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Integer overflow in Netapp Management_services_for_element_software

CVE-2021-32628

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution…

Vulnerability class: Integer Overflow

EPSS: 0.036 (88.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Netapp Management_services_for_element_software
Netapp Management_services_for_netapp_hci
Oracle Communications_operations_monitor — versions 4.3, 4.4, 5.0
Redis — versions >= 6.2.0, < 6.2.6, >= 6.0.0, < 6.0.16, < 5.0.14
Debian Debian_linux — versions 10.0, 11.0
Fedoraproject Fedora — versions 33, 34, 35

Weakness classification (CWE)

Public proof-of-concept exploits

References

security-advisories@github.com (x_refsource_CONFIRM, Third Party Advisory)
security-advisories@github.com (Patch, Third Party Advisory, x_refsource_MISC)
security-advisories@github.com (x_refsource_FEDORA, vendor-advisory)
security-advisories@github.com (x_refsource_FEDORA, vendor-advisory)
security-advisories@github.com (x_refsource_FEDORA, vendor-advisory)
security-advisories@github.com (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
security-advisories@github.com (Patch, Third Party Advisory, x_refsource_MISC)
security-advisories@github.com (x_refsource_CONFIRM, Third Party Advisory)
security-advisories@github.com (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2021-32628?: CVE-2021-32628 is a high-severity vulnerability in Netapp Management_services_for_element_software, classified under Integer Overflow or Wraparound. CVSS score: 7.5/10. Published 2021-10-04.
How severe is CVE-2021-32628?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2021-32628 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.