libhiredis.so is vulnerable to denial of service (DoS). The attack is possible because malloc return values are not checked in async.c and dict.c, causing a NULL pointer dereference.
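
The unchecked-allocation pattern described above, next to a checked version that also releases partial state. This is an added example and not hiredis code: `demo_dict`, `demo_calloc`, `try_create` and the failure-injecting allocator hook are hypothetical names used only to simulate an allocation failure.

```c
#include <stdlib.h>

/* Hypothetical allocator hook: the fail_at-th call returns NULL (0 = never). */
static int fail_at = 0, calls = 0;
static void *demo_calloc(size_t n, size_t sz) {
    return (++calls == fail_at) ? NULL : calloc(n, sz);
}

/* Simplified stand-in for a hash table; not the hiredis dict struct. */
typedef struct demo_dict { void **table; unsigned long size; } demo_dict;

/* Unchecked pattern: if the first allocation fails, the stores below go
 * through a NULL pointer; a NULL table crashes later on first bucket access. */
demo_dict *dict_create_unchecked(unsigned long size) {
    demo_dict *d = demo_calloc(1, sizeof(*d));
    d->table = demo_calloc(size, sizeof(void *)); /* d may be NULL here */
    d->size = size;
    return d;
}

/* Checked pattern: test every allocation, release partial state, and
 * return NULL so the caller can fail the operation instead of crashing. */
demo_dict *dict_create_checked(unsigned long size) {
    demo_dict *d = demo_calloc(1, sizeof(*d));
    if (d == NULL) return NULL;
    d->table = demo_calloc(size, sizeof(void *));
    if (d->table == NULL) {
        free(d);
        return NULL;
    }
    d->size = size;
    return d;
}

/* Runs the checked constructor with the nth allocation failing;
 * returns 0 if a dict was created, -1 if the failure was reported. */
int try_create(int nth_failure) {
    calls = 0;
    fail_at = nth_failure;
    demo_dict *d = dict_create_checked(4);
    if (d == NULL) return -1;
    free(d->table);
    free(d);
    return 0;
}

int main(void) {
    return (try_create(0) == 0 && try_create(1) == -1 && try_create(2) == -1) ? 0 : 1;
}
```
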
github.com/redis/hiredis/commit/669ac9d0c843f9ccf07d4969ff6bff75fafee01f
github.com/redis/hiredis/issues/747
github.com/redis/hiredis/pull/752
lists.debian.org/debian-lts-announce/2020/01/msg00028.html
lists.fedoraproject.org/archives/list/[email protected]/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/
lists.fedoraproject.org/archives/list/[email protected]/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/