Open Crispy-fried-chicken opened 4 months ago
...are you serious? Okay, then.
There is nothing to fix.
But you can see that in the newest version of hiredis, the line https://github.com/redis/hiredis/blob/398e16e7cc20545a19f2af2293cc6f04310e6b7a/sds.c#L93C1-L93C78 was added, which is similar to the fix for CVE-2021-21309. Maybe you can fix it? Because the vulnerability still exists.
Okay okay I guess you're serious. Fine, even though there's no way to exploit this without letting Nginx accept >4Gb messages (instant DoS), which is way outside the realm of sanity, I will upgrade hiredis to the latest version.
fix the vulnerability mentioned in https://github.com/slact/nchan/issues/682