ROSA LABROSA-SA-2024-2336Advisory ROSA-SA-2024-2336
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.9%
software: hiredis 0.13.3
AXIS: ROSA-CHROME
package_evr_string: hiredis-0.13.3-2.src.rpm
CVE-ID: CVE-2021-32765
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: In vulnerable versions, Hiredis is vulnerable to integer overflow if provided with maliciously crafted or corrupted RESP mult-bulk protocol data. When analyzing “multi-mass” (array-like) responses, Hiredis cannot check if count * sizeof(redisReply*) can be represented in SIZE_MAX. If this is not possible and the call to calloc() does not perform this check itself, it will result in a short memory allocation and subsequent buffer overflow.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update hiredis
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.9%