CVE-2021-32765 (https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap): Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it cannot, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.
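The `count * sizeof(redisReply*)` wrap-around described in the advisory, as an added example that is not hiredis code: a hypothetical RESP multi-bulk header parser with the unchecked size computation next to a hardened one that refuses counts which would wrap and enforces an element cap in the spirit of the `maxelements` option. The `reply_t` struct, the function names, and the `MAX_ELEMENTS` value are assumptions made for illustration, and the header strings in `main()` are constructed input.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a reply object; only its pointer size matters here. */
typedef struct reply {
    int type;
    struct reply **element;
    size_t elements;
} reply_t;

/* Illustrative cap on multi-bulk element counts, playing the role of the
 * reader's maxelements option (the value is an assumption, not hiredis' default). */
#define MAX_ELEMENTS ((size_t)1 << 24)

/* Pre-fix pattern: the wire-supplied count is multiplied by the pointer size
 * with no wrap check. For count = SIZE_MAX / sizeof(reply_t *) + 2 the product
 * wraps to sizeof(reply_t *), so calloc() hands back room for a single pointer
 * and filling element[1..count-1] later overruns the heap block. */
size_t unchecked_alloc_size(size_t count) {
    return count * sizeof(reply_t *);
}

/* Hardened form: enforce the element cap and refuse any count whose product
 * would not fit in size_t. Returns 1 and sets *out_bytes, or 0 on rejection. */
int checked_alloc_size(size_t count, size_t max_elements, size_t *out_bytes) {
    if (count > max_elements)
        return 0;
    if (count > SIZE_MAX / sizeof(reply_t *))   /* count * sizeof would wrap */
        return 0;
    *out_bytes = count * sizeof(reply_t *);
    return 1;
}

/* Parse a RESP multi-bulk header "*<count>\r\n" and size the element array.
 * Returns 1 on success (*out_count and *out_bytes set; the RESP null array
 * "*-1" yields count 0), or 0 if the header is malformed, negative, above
 * max_elements, or would wrap. Simplified relative to a real RESP reader. */
int parse_multibulk_header(const char *line, size_t max_elements,
                           size_t *out_count, size_t *out_bytes) {
    if (line == NULL || line[0] != '*')
        return 0;
    const char *p = line + 1;
    if (strcmp(p, "-1\r\n") == 0) {             /* RESP null array */
        *out_count = 0;
        *out_bytes = 0;
        return 1;
    }
    if (*p < '0' || *p > '9')                   /* rejects '-', '+', whitespace */
        return 0;
    char *end;
    errno = 0;
    unsigned long long v = strtoull(p, &end, 10);
    if (errno == ERANGE || end == p || strcmp(end, "\r\n") != 0)
        return 0;
    if (v > (unsigned long long)SIZE_MAX)       /* wider than size_t on some ABIs */
        return 0;
    if (!checked_alloc_size((size_t)v, max_elements, out_bytes))
        return 0;
    *out_count = (size_t)v;
    return 1;
}

int main(void) {
    /* Constructed inputs: a benign header, a null array, and an oversized count. */
    const char *hdrs[] = { "*3\r\n", "*-1\r\n", "*99999999999999999999999\r\n" };
    size_t huge = SIZE_MAX / sizeof(reply_t *) + 2;
    printf("unchecked: count=%zu -> calloc size %zu (wrapped)\n",
           huge, unchecked_alloc_size(huge));
    for (size_t i = 0; i < 3; i++) {
        size_t count = 0, bytes = 0;
        int ok = parse_multibulk_header(hdrs[i], MAX_ELEMENTS, &count, &bytes);
        printf("header %zu: %s (count=%zu, bytes=%zu)\n",
               i, ok ? "accepted" : "rejected", count, bytes);
    }
    return 0;
}
```

The check `count > SIZE_MAX / sizeof(reply_t *)` is the MEM07-C test the advisory links to; the element cap is a second, independent line of defence that also bounds the memory a single reply can demand, which is why `maxelements` works as a mitigation even on builds where the multiplication itself is not checked.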
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24428f0153ac66a130c29e4c9a91b161f3da6278

commit 24428f0153ac66a130c29e4c9a91b161f3da6278
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-05 04:07:00 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-05 04:08:51 +0000

    dev-libs/hiredis: add 1.0.1

    Bug: https://bugs.gentoo.org/816318
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/hiredis/Manifest             |  1 +
 dev-libs/hiredis/hiredis-1.0.1.ebuild | 87 +++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0e1a56eed02c79bc1a261e3d13c9fe0c4a728e8

commit a0e1a56eed02c79bc1a261e3d13c9fe0c4a728e8
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2021-10-31 12:34:29 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2021-10-31 15:48:23 +0000

    dev-python/hiredis: Revision bump for CVE-2021-32765

    It includes a bundled copy of dev-libs/hiredis and is suffering the same
    security issue.

    URL: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
    Bug: https://bugs.gentoo.org/816318
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 .../files/hiredis-2.0.0-CVE-2021-32765.patch | 36 ++++++++++++++++++++++
 dev-python/hiredis/hiredis-2.0.0-r2.ebuild   | 36 ++++++++++++++++++++++
 2 files changed, 72 insertions(+)
dev-db/redis also bundles a copy.
GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=46c10a2105787fddef62e75588d0eed768cad8b5

commit 46c10a2105787fddef62e75588d0eed768cad8b5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:29:20 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:17 +0000

    [ GLSA 202210-32 ] hiredis, hiredis-py: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/816318
    Bug: https://bugs.gentoo.org/873079
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-32.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6663909d307d2d6b05e1d83e763e11db918a67ce

commit 6663909d307d2d6b05e1d83e763e11db918a67ce
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-05-23 04:22:00 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-23 04:46:48 +0000

    dev-libs/hiredis: drop 0.14.1

    Bug: https://bugs.gentoo.org/816318
    Signed-off-by: John Helmert III <ajak@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/31137

 dev-libs/hiredis/Manifest                          |  1 -
 .../hiredis-0.13.3-disable-network-tests.patch     | 36 ----------
 .../hiredis/files/hiredis-0.14.1-honor-AR.patch    | 11 ---
 dev-libs/hiredis/hiredis-0.14.1.ebuild             | 83 ----------------------
 4 files changed, 131 deletions(-)