ELA-499-1 hiredis security update

integer-overflow vulnerability

2021-10-23
Packagehiredis
Version0.11.0-4+deb8u2
Related CVEs CVE-2021-32765


It was discovered that there was an integer-overflow vulnerability in hiredis, a C client library for communicating with Redis databases. This occurred within the handling and parsing of ‘multi-bulk’ replies.



For Debian 8 Jessie, these problems have been fixed in version 0.11.0-4+deb8u2.

We recommend that you upgrade your hiredis packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.