### [CVE-2021-32765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32765)
![](https://img.shields.io/static/v1?label=Product&message=hiredis&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%201.0.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-680%3A%20Integer%20Overflow%20to%20Buffer%20Overflow&color=brightgreen)

### Description

Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/deepin-community/hiredis
- https://github.com/redis/hiredis
- https://github.com/terrablue/hirediz
- https://github.com/wl-ttg/test1