nchan icon indicating copy to clipboard operation
nchan copied to clipboard
verified publisher icon slact

fix the integer overflow

Open Crispy-fried-chicken opened this issue 2 years ago • 3 comments

fix the vulnerability mentioned in https://github.com/slact/nchan/issues/682

Crispy-fried-chicken avatar Feb 27 '24 08:02 Crispy-fried-chicken

...are you serious? Okay, then.

https://github.com/slact/nchan/blob/4461dbe99aecb51bf1afe6d00404c610f6ef706e/src/store/redis/hiredis/CHANGELOG.md?plain=1#L1-L4

There is nothing to fix.

slact avatar Feb 27 '24 19:02 slact

but you can see in the newest version of hiredis, the https://github.com/redis/hiredis/blob/398e16e7cc20545a19f2af2293cc6f04310e6b7a/sds.c#L93C1-L93C78 is added which is similiar to the fix of the CVE-2021-21309, maybe you can fix it? Cause the vulnerability still exist.

Crispy-fried-chicken avatar Feb 28 '24 02:02 Crispy-fried-chicken

Okay okay I guess you're serious. Fine, even though there's no way to exploit this without letting Nginx accept >4Gb messages (instant DoS), which is way outside the realm of sanity, I will upgrade hiredis to the latest version.

slact avatar Mar 06 '24 02:03 slact