CVE-2021-32765 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	Hiredis before version 1.0.1 is vulnurable to integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data. When parsing multi-bulk (array-like) replies, hiredis fails to check if count * sizeof(redisReply*) can be represented in SIZE_MAX. If it can not, and the calloc() call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the maxelements context option to a value small enough that no overflow is possible.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2441	hiredis	1.0.0-1	1.0.1-1	High	Fixed

References
https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e

References

https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap
https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e