Candidate: CVE-2020-7105
PublicDate: 2020-01-16 04:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7105
 https://github.com/redis/hiredis/issues/747
Description:
 async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL
 pointer dereference because malloc return values are unchecked.
Ubuntu-Description:
 It was discovered that Hiredis did not properly catch unsuccessful attempts
 to allocate memory, resulting in null pointer dereferences. An attacker
 could potentially use this to cause Hiredis to crash.
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_hiredis:
upstream_hiredis: needed
precise/esm_hiredis: DNE
trusty_hiredis: ignored (out of standard support)
trusty/esm_hiredis: released (0.11.0-4+deb8u1)
xenial_hiredis: ignored (end of standard support, was needed)
bionic_hiredis: needed
disco_hiredis: ignored (reached end-of-life)
eoan_hiredis: ignored (reached end-of-life)
focal_hiredis: not-affected (0.14.0-6)
groovy_hiredis: not-affected (0.14.0-6)
hirsute_hiredis: not-affected (0.14.0-6)
impish_hiredis: not-affected (0.14.0-6)
jammy_hiredis: not-affected (0.14.0-6)
devel_hiredis: not-affected (0.14.0-6)