Hiredis through 0.14.0 NULL Pointer Dereference Vulnerability

Summary

Hiredis through 0.14.0 suffers from null pointer dereference vulnerability

Credit:

The information has been provided by Chris Lamb

The original article can be found at:https://github.com/redis/hiredis/issues/747


Details

Async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.

 

Vulnerable Systems:

Hiredis through 0.14.0

 

CVE Information:

CVE-2020-7105

 

Disclosure Timeline:
Published Date:1/15/2020

Categories: News