Debian Hiredis vulnerabilities

CVE-2021-32765 [HIGH] CVE-2021-32765: hiredis - Hiredis is a minimalistic C client library for the Redis database. In affected v... Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and th

CVE-2020-7105 [HIGH] CVE-2020-7105: hiredis - async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointe... async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. Scope: local bookworm: resolved (fixed in 0.14.0-5) bullseye: resolved (fixed in 0.14.0-5) forky: resolved (fixed in 0.14.0-5) sid: resolved (fixed in 0.14.0-5) trixie: resolved (fixed in 0.14.0-5)