CVE-2021-32765
Integer Overflow to Buffer Overflow in Hiredis
Summary
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
Hiredis is a minimalistic C client library for the Redis database. In affected versions hiredis is vulnerable to an integer overflow when it is fed maliciously crafted or corrupted RESP `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check whether `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`; `count` is taken directly from the `*<count>\r\n` header, so it is controlled by whoever the client is talking to. If the product wraps, and the `calloc()` call does not itself make this check (glibc's `calloc()` rejects a wrapping `nmemb * size`, but hiredis can be built with replacement allocators and not every C library performs the check), the result is a short allocation followed by a heap buffer overflow as the reply elements are stored. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.
An integer overflow has been found in hiredis which could result in arbitrary code execution. Versions less than 1.0.1 are affected.
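The wrap the advisory describes, placed beside the check that prevents it, as an added illustration written for this page and not hiredis' own reader code. `redisReply` is an opaque stand-in (only the pointer size matters), and `unchecked_alloc_size`, `checked_alloc_size`, `parse_multibulk_count` and `safe_array_alloc_size` are hypothetical helpers; the reader-side cap in the last one plays the role the `maxelements` workaround plays in hiredis:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opaque stand-in for hiredis' redisReply: only sizeof(redisReply*) matters. */
typedef struct redisReply redisReply;

/* Vulnerable pattern from the advisory: the element count taken from an
 * untrusted "*<count>\r\n" header is multiplied by the pointer size with no
 * wrap check. size_t arithmetic wraps modulo SIZE_MAX+1, so a count just over
 * SIZE_MAX / sizeof(redisReply*) yields a tiny size; if the allocator does not
 * re-check nmemb * size, the array is short and later stores run past it. */
static size_t unchecked_alloc_size(size_t count) {
    return count * sizeof(redisReply*);
}

/* Hardened form (the MEM07-C check): refuse any count whose product would not
 * be representable. Returns 1 and the byte count on success, 0 on overflow. */
static int checked_alloc_size(size_t count, size_t *bytes) {
    if (count > SIZE_MAX / sizeof(redisReply*)) return 0;
    *bytes = count * sizeof(redisReply*);
    return 1;
}

/* Decode the count of a RESP multi-bulk header "*<digits>\r\n" with the same
 * discipline: accept only digits terminated by CRLF, and reject wrap while
 * accumulating. Hypothetical helper, not hiredis' reader. Returns 1 on success. */
static int parse_multibulk_count(const char *hdr, size_t *count) {
    size_t v = 0;
    int ndigits = 0;
    if (*hdr++ != '*') return 0;
    for (; *hdr >= '0' && *hdr <= '9'; hdr++, ndigits++) {
        unsigned d = (unsigned)(*hdr - '0');
        if (v > (SIZE_MAX - d) / 10) return 0;   /* v * 10 + d would wrap */
        v = v * 10 + d;
    }
    if (ndigits == 0 || hdr[0] != '\r' || hdr[1] != '\n') return 0;
    *count = v;
    return 1;
}

/* Full path a hardened reader takes: parse, apply a reader-side element cap
 * (the role maxelements plays in the workaround), then size the allocation
 * with the overflow check. Returns the bytes to allocate, or 0 if the header
 * is rejected at any stage. */
static size_t safe_array_alloc_size(const char *hdr, size_t maxelements) {
    size_t count, bytes;
    if (!parse_multibulk_count(hdr, &count)) return 0;
    if (count > maxelements) return 0;
    if (!checked_alloc_size(count, &bytes)) return 0;
    return bytes;
}

int main(void) {
    /* Constructed inputs: a benign 3-element array and a count chosen so that
     * count * sizeof(redisReply*) wraps to exactly one pointer's worth. */
    size_t hostile = SIZE_MAX / sizeof(redisReply*) + 2;
    char hdr[64];

    snprintf(hdr, sizeof hdr, "*%zu\r\n", hostile);
    printf("unchecked: count=%zu -> %zu bytes (wrapped)\n",
           hostile, unchecked_alloc_size(hostile));
    printf("checked:   \"*%zu\" -> %zu bytes (0 = rejected)\n",
           hostile, safe_array_alloc_size(hdr, SIZE_MAX));
    printf("benign:    \"*3\" -> %zu bytes\n",
           safe_array_alloc_size("*3\r\n", 1024));
    /* A small cap, as the maxelements workaround sets, rejects the count
     * before any allocation arithmetic happens. */
    printf("capped:    \"*3\" with maxelements=2 -> %zu\n",
           safe_array_alloc_size("*3\r\n", 2));
    return 0;
}
```

The `unchecked_alloc_size` result is the whole bug: on a 64-bit target the hostile count multiplies out to 8 bytes, so a `calloc()` that trusts the product hands back room for one pointer while the parser goes on to store billions of them. The check in `checked_alloc_size` is the one the advisory says was missing; the cap in `safe_array_alloc_size` is why lowering `maxelements` works as a mitigation even on unpatched builds.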
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-05-12 CVE Reserved
- 2021-10-04 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-680: Integer Overflow to Buffer Overflow
CAPEC
References (6)
URL | Tag | Date |
---|---|---|
https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 | Mitigation | |
https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20211104-0003 | Third Party Advisory | |
https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap | Third Party Advisory | |
https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e | | 2022-12-07 |
https://security.gentoo.org/glsa/202210-32 | | 2022-12-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redis | Hiredis | < 1.0.1 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Netapp | Management Services For Element Software And Netapp Hci | - | - | Affected |