Bug 816318 (CVE-2021-32765) - <dev-libs/hiredis-1.0.1: Integer overflow (CVE-2021-32765)
Summary: <dev-libs/hiredis-1.0.1: Integer overflow (CVE-2021-32765)
Status: IN_PROGRESS
Alias: CVE-2021-32765
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa? cleanup]
Depends on: 820170
Reported: 2021-10-05 03:59 UTC by Sam James
Modified: 2021-11-19 12:43 UTC (History)
Runtime testing required: ---
Description Sam James archtester gentoo-dev Security 2021-10-05 03:59:31 UTC
CVE-2021-32765 (https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap):

Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.
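The wrap described in the advisory, and the two mitigations it names (an element cap and a checked multiplication), as an added example. This is not hiredis code and not part of the bug report: `redisReply` is a stand-in struct so that only `sizeof(redisReply *)` matters, `EXAMPLE_MAX_ELEMENTS` is a hypothetical cap playing the role of the reader's `maxelements` option, and `parse_multibulk_header`, `unchecked_alloc_bytes`, `mul_fits_size_t` and `alloc_reply_array` are example functions written for this page. The `"*<count>\r\n"` header lines in `main` are constructed inputs.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for hiredis' reply struct (assumption for this example);
 * only the size of a pointer to it matters below. */
typedef struct example_reply { int type; } redisReply;

/* Hypothetical cap standing in for the reader's "maxelements" option. */
#define EXAMPLE_MAX_ELEMENTS ((size_t)1 << 20)

/* The byte count an unchecked `count * sizeof(redisReply *)` yields.
 * For a large enough count the product wraps to a small number; handing
 * that to an allocator that does not re-check the product is the
 * "short allocation" the advisory describes. */
size_t unchecked_alloc_bytes(size_t count) {
    return count * sizeof(redisReply *);
}

/* Checked multiplication: true and *out = a*b only if it fits in size_t. */
bool mul_fits_size_t(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Parse a RESP multi-bulk header line such as "*3\r\n" into a count.
 * Returns 0 on success, -1 on malformed input or a number strtoull cannot
 * represent (ERANGE). The null array "*-1\r\n" is reported as count 0
 * to keep the example short. */
int parse_multibulk_header(const char *line, size_t *count) {
    if (line == NULL || line[0] != '*') return -1;
    if (strcmp(line + 1, "-1\r\n") == 0) { *count = 0; return 0; }
    if (line[1] < '0' || line[1] > '9') return -1; /* no sign, no blank */
    errno = 0;
    char *end = NULL;
    unsigned long long v = strtoull(line + 1, &end, 10);
    if (errno == ERANGE || end == line + 1) return -1;
    if (strcmp(end, "\r\n") != 0) return -1;       /* trailing junk */
#if ULLONG_MAX > SIZE_MAX
    if (v > SIZE_MAX) return -1;
#endif
    *count = (size_t)v;
    return 0;
}

/* Hardened element-array allocation: enforce the cap, then refuse any
 * count whose byte size would wrap, then allocate.
 * Returns 0 and sets *out on success; -1 if count > max_elements;
 * -2 if count * sizeof(redisReply *) would wrap; -3 if calloc fails. */
int alloc_reply_array(size_t count, size_t max_elements, redisReply ***out) {
    size_t bytes;
    *out = NULL;
    if (count > max_elements) return -1;
    if (!mul_fits_size_t(count, sizeof(redisReply *), &bytes)) return -2;
    redisReply **arr = calloc(count, sizeof(redisReply *));
    if (arr == NULL && count != 0) return -3;
    *out = arr;
    return 0;
}

int main(void) {
    /* Constructed count: one past the largest value whose product with
     * sizeof(redisReply *) still fits, so the unchecked product wraps. */
    size_t huge = SIZE_MAX / sizeof(redisReply *) + 2;
    printf("claimed %zu elements -> unchecked size %zu bytes\n",
           huge, unchecked_alloc_bytes(huge));

    redisReply **arr = NULL;
    printf("hardened result for huge count: %d\n",
           alloc_reply_array(huge, EXAMPLE_MAX_ELEMENTS, &arr));

    size_t n = 0;
    if (parse_multibulk_header("*3\r\n", &n) == 0 &&
        alloc_reply_array(n, EXAMPLE_MAX_ELEMENTS, &arr) == 0) {
        printf("allocated %zu element slots\n", n);
        free(arr);
    }
    return 0;
}
```

The cap check alone is enough when it is set small, which is the workaround the advisory gives; the `mul_fits_size_t` check is what still protects a build whose cap is set very large, and it is also the check to keep even where the platform `calloc()` already validates the product, since the code then does not depend on the allocator for its safety.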
Comment 1 Larry the Git Cow gentoo-dev 2021-10-05 04:09:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24428f0153ac66a130c29e4c9a91b161f3da6278

commit 24428f0153ac66a130c29e4c9a91b161f3da6278
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-05 04:07:00 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-05 04:08:51 +0000

    dev-libs/hiredis: add 1.0.1
    
    Bug: https://bugs.gentoo.org/816318
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/hiredis/Manifest             |  1 +
 dev-libs/hiredis/hiredis-1.0.1.ebuild | 87 +++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2021-10-31 15:48:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0e1a56eed02c79bc1a261e3d13c9fe0c4a728e8

commit a0e1a56eed02c79bc1a261e3d13c9fe0c4a728e8
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2021-10-31 12:34:29 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2021-10-31 15:48:23 +0000

    dev-python/hiredis: Revision bump for CVE-2021-32765
    
    It includes a bundled copy of dev-libs/hiredis and is suffering the same
    security issue.
    
    URL: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
    Bug: https://bugs.gentoo.org/816318
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 .../files/hiredis-2.0.0-CVE-2021-32765.patch       | 36 ++++++++++++++++++++++
 dev-python/hiredis/hiredis-2.0.0-r2.ebuild         | 36 ++++++++++++++++++++++
 2 files changed, 72 insertions(+)
Comment 3 Sven Wegener gentoo-dev 2021-10-31 15:53:55 UTC
dev-db/redis also bundles a copy.