ID CVE-2020-7105
Summary async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.
References
Vulnerable Configurations
  • cpe:2.3:a:redislabs:hiredis:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 31-01-2023 - 20:59)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
fedora
  • FEDORA-2020-53a54ef986
  • FEDORA-2020-f6cc7883b8
misc https://github.com/redis/hiredis/issues/747
mlist [debian-lts-announce] 20200129 [SECURITY] [DLA 2083-1] hiredis security update
Last major update 31-01-2023 - 20:59
Published 16-01-2020 - 04:15
Last modified 31-01-2023 - 20:59