Vulnerability Details : CVE-2021-32765
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.
Vulnerability category: Overflow
Products affected by CVE-2021-32765
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
- cpe:2.3:a:redis:hiredis:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32765
3.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-32765
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2021-32765
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
-
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.Assigned by: security-advisories@github.com (Secondary)
References for CVE-2021-32765
-
https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e
Fix for integer/buffer overflow CVE-2021-32765 · redis/hiredis@76a7b10 · GitHubPatch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20211104-0003/
October 2021 Redis Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
Integer Overflow to Buffer Overflow in hiredis · Advisory · redis/hiredis · GitHubMitigation;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html
[SECURITY] [DLA 2783-1] hiredis security updateMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/202210-32
hiredis, hiredis-py: Multiple Vulnerabilities (GLSA 202210-32) — Gentoo securityThird Party Advisory
-
https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap
MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap - SEI CERT C Coding Standard - ConfluenceThird Party Advisory
Jump to