hiredis is vulnerable to denial of service (DoS). The vulnerability exists due to multiple NULL pointer derefence issues in async.c
and dict.c
in libhiredis.a
.
bugzilla.redhat.com/show_bug.cgi?id=1796474
github.com/redis/hiredis/commit/3e2ddf9cf72e7d5e19b096fbc03c411fdb9e92dc
github.com/redis/hiredis/issues/747
github.com/redis/hiredis/pull/752
lists.debian.org/debian-lts-announce/2020/01/msg00028.html
lists.fedoraproject.org/archives/list/[email protected]/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX/
lists.fedoraproject.org/archives/list/[email protected]/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/