cpe:2.3:a:redis:hiredis:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Redis (6c818399-7e28-57a6-8fa0-307b3f9a96f5) |
|---|---|
| Product | Hiredis (d8d13539-2c6a-5b6b-8ad3-0d9f971c832e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:deb/debian/hiredis | purl2cpe | 2026-06-01 10:11:34.282449 |
| pkg:deb/ubuntu/hiredis | purl2cpe | 2026-06-01 10:11:34.282453 |
| pkg:github/redis/hiredis | purl2cpe | 2026-06-01 10:11:34.282456 |
| pkg:rpm/fedora/hiredis | purl2cpe | 2026-06-01 10:11:34.282460 |
| pkg:rpm/opensuse/hiredis | purl2cpe | 2026-06-01 10:11:34.282463 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2021-32765 | vulnerable | 2026-06-08 05:32:07.992323 | Integer Overflow to Buffer Overflow in Hiredis<br>HIGH (8.8)<br>Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it cannot, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.<br>Published: 2021-10-04T00:00:00.000Z<br>Updated: 2024-08-03T23:33:55.893Z | Imported from gcve-enriched-dumps CVE data |