hiredis, hiredis-py: Multiple Vulnerabilities

Background

hiredis is a minimalistic C client library for the Redis database. hiredis-py is a Python extension that wraps hiredis.

Description

Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data. When parsing multi-bulk (array-like) replies, hiredis fails to check if count * sizeof(redisReply*) can be represented in SIZE_MAX. If it can not, and the calloc() call doesn’t itself make this check, it would result in a short allocation and subsequent buffer overflow.

Impact

Malicious Redis commands could result in remote code execution.

Workaround

There is no known workaround at this time.

Resolution

All hiredis users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/hiredis-1.0.1"

All hiredis-py users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-python/hiredis-2.0.0"