http://bugzilla.opensuse.org/show_bug.cgi?id=1191331 Bug ID: 1191331 Summary: VUL-0: CVE-2021-32765: hiredis: integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other URL: https://smash.suse.de/issue/311708/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: abergmann@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2021-32765 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32765 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32765 https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7... https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+argum... -- You are receiving this mail because: You are on the CC list for the bug.