Heap Overflow Vulnerability in RedisBloom Could Lead to Remote Code Execution
CVE-2024-25115
Severity: 7 HIGH
What is CVE-2024-25115?
A vulnerability in RedisBloom allows an authenticated user to send specially crafted CF.LOADCHUNK commands that trigger a heap overflow. This flaw could enable remote code execution on systems running affected versions of RedisBloom. The vulnerability affects versions from 2.0.0 up to, but not including, 2.4.7, and from 2.5.0 up to, but not including, 2.6.10. Users of RedisBloom are advised to update to 2.4.7 or 2.6.10 (or later) to mitigate the risk.
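The two affected ranges above have different fixed releases, so a quick inventory check needs both. The following is an added example, not code from the advisory or from RedisBloom; it assumes RedisBloom appears in Redis's MODULE LIST output under the module name "bf" with its version encoded as major*10000 + minor*100 + patch (an assumption about Redis module version encoding), and it also accepts plain "2.4.6"-style strings.

```python
"""Classify a RedisBloom version against the CVE-2024-25115 affected ranges."""
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory as [lower, fixed) pairs: the lower bound
# is affected, the "fixed" version is the first release on that branch that is not.
AFFECTED_RANGES = (
    ((2, 0, 0), (2, 4, 7)),
    ((2, 5, 0), (2, 6, 10)),
)

def parse_version(v) -> Version:
    """Accept '2.4.6' or the integer form assumed for MODULE LIST (e.g. 20406)."""
    if isinstance(v, int):
        if v < 0:
            raise ValueError(f"negative module version: {v}")
        return (v // 10000, (v // 100) % 100, v % 100)
    parts = str(v).strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))

def is_affected(v) -> bool:
    """True if the version falls inside either advisory range."""
    ver = parse_version(v)
    return any(lo <= ver < fixed for lo, fixed in AFFECTED_RANGES)

def minimum_fix(v) -> Optional[str]:
    """First fixed release on the same branch, or None if the version is not affected."""
    ver = parse_version(v)
    for lo, fixed in AFFECTED_RANGES:
        if lo <= ver < fixed:
            return ".".join(map(str, fixed))
    return None

def check_module_list(entries: List[Tuple[str, int]]) -> List[Tuple[str, str, str]]:
    """entries: (name, ver) pairs as a MODULE LIST client would return them.
    Returns (name, version, upgrade-to) for every vulnerable RedisBloom load."""
    findings = []
    for name, ver in entries:
        if name.lower() == "bf" and is_affected(ver):
            findings.append((name, ".".join(map(str, parse_version(ver))), minimum_fix(ver)))
    return findings

if __name__ == "__main__":
    # Constructed sample of two loaded modules; only the RedisBloom entry is checked.
    print(check_module_list([("bf", 20406), ("search", 20800)]))
```

Until the module is upgraded, restricting which Redis ACL users may call CF.LOADCHUNK limits exposure to the authenticated users who genuinely need it.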
Affected Version(s)
Product      Affected versions      Unaffected / fixed versions
RedisBloom   >= 2.0.0, < 2.4.7      < 2.0.0, 2.4.7
RedisBloom   >= 2.5.0, < 2.6.10     < 2.5.0, 2.6.10
