| Message ID | 20211018161628.1499728-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/hiredis: security bump to version 1.0.2 | expand |
On Mon, 18 Oct 2021 18:16:28 +0200 Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote: > Fix CVE-2021-32765: Hiredis is a minimalistic C client library for the > Redis database. In affected versions Hiredis is vulnurable to integer > overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` > protocol data. When parsing `multi-bulk` (array-like) replies, hiredis > fails to check if `count * sizeof(redisReply*)` can be represented in > `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make > this check, it would result in a short allocation and subsequent buffer > overflow. > > https://github.com/redis/hiredis/blob/v1.0.2/CHANGELOG.md > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > --- > package/hiredis/hiredis.hash | 2 +- > package/hiredis/hiredis.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Applied to master, thanks. Thomas
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2021-32765: Hiredis is a minimalistic C client library for the > Redis database. In affected versions Hiredis is vulnurable to integer > overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` > protocol data. When parsing `multi-bulk` (array-like) replies, hiredis > fails to check if `count * sizeof(redisReply*)` can be represented in > `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make > this check, it would result in a short allocation and subsequent buffer > overflow. > https://github.com/redis/hiredis/blob/v1.0.2/CHANGELOG.md > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2021.02.x and 2021.08.x, thanks.
diff --git a/package/hiredis/hiredis.hash b/package/hiredis/hiredis.hash index fc01d1f60d..a45cf68f99 100644 --- a/package/hiredis/hiredis.hash +++ b/package/hiredis/hiredis.hash @@ -1,3 +1,3 @@ # Locally computed: -sha256 2a0b5fe5119ec973a0c1966bfc4bd7ed39dbce1cb6d749064af9121fe971936f hiredis-1.0.0.tar.gz +sha256 e0ab696e2f07deb4252dda45b703d09854e53b9703c7d52182ce5a22616c3819 hiredis-1.0.2.tar.gz sha256 dca05ce8fc87a8261783b4aed0deef8becc9350b6aa770bc714d0c1833b896eb COPYING diff --git a/package/hiredis/hiredis.mk b/package/hiredis/hiredis.mk index a166bcc23d..83f0268c2b 100644 --- a/package/hiredis/hiredis.mk +++ b/package/hiredis/hiredis.mk @@ -5,7 +5,7 @@ ################################################################################ HIREDIS_VERSION_MAJOR = 1.0 -HIREDIS_VERSION = $(HIREDIS_VERSION_MAJOR).0 +HIREDIS_VERSION = $(HIREDIS_VERSION_MAJOR).2 HIREDIS_SITE = $(call github,redis,hiredis,v$(HIREDIS_VERSION)) HIREDIS_LICENSE = BSD-3-Clause HIREDIS_LICENSE_FILES = COPYING
Fix CVE-2021-32765: Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. https://github.com/redis/hiredis/blob/v1.0.2/CHANGELOG.md Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/hiredis/hiredis.hash | 2 +- package/hiredis/hiredis.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)