Integer Overflow and Heap Overflow in RediSearch Redis Module
CVE-2024-51737
Currently unrated
Summary
The RediSearch module for Redis is prone to an integer overflow vulnerability that can be triggered by an authenticated user executing commands such as FT.SEARCH or FT.AGGREGATE with malformed LIMIT or KNN command arguments. This flaw can lead to a heap overflow, posing a significant risk of remote code execution. To mitigate this vulnerability, users are advised to avoid configuring MAXSEARCHRESULTS and MAXAGGREGATERESULTS with excessively large values or negative settings, particularly -1. The issue has been addressed in versions 2.6.24, 2.8.21, and 2.10.10. Additional details can be found in the official advisories and commit logs.
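The check below is an added example, not code from the advisory or from the RediSearch project: it compares a deployment's RediSearch version with the fixed releases listed above and flags the two configuration settings the mitigation names. The ceiling for "excessively large", the integer version encoding, and the sample values are assumptions; branches the advisory does not list are reported as unknown.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_PATCH = {(2, 6): 24, (2, 8): 21, (2, 10): 10}
RISKY_SETTINGS = ("MAXSEARCHRESULTS", "MAXAGGREGATERESULTS")
# Assumption: the advisory gives no figure for "excessively large";
# this ceiling is a placeholder to tune per workload.
ASSUMED_CEILING = 1_000_000


def parse_version(value):
    """Accept '2.8.20' or the integer form 20820 (assumed encoding:
    major*10000 + minor*100 + patch, as reported by MODULE LIST)."""
    text = str(value).strip()
    dotted = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text)
    if dotted:
        return tuple(int(part) for part in dotted.groups())
    if text.isdigit():
        number = int(text)
        return (number // 10000, (number // 100) % 100, number % 100)
    raise ValueError(f"unrecognised RediSearch version: {text!r}")


def patch_status(value):
    """Return 'patched', 'vulnerable', or 'unknown' for unlisted branches."""
    major, minor, patch = parse_version(value)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "unknown"
    return "patched" if patch >= fixed else "vulnerable"


def risky_settings(config, ceiling=ASSUMED_CEILING):
    """Flag the two settings the advisory warns about; config maps name -> value."""
    findings = []
    for name in RISKY_SETTINGS:
        if name not in config:
            continue
        try:
            number = int(config[name])
        except (TypeError, ValueError):
            findings.append((name, "not an integer, review manually"))
            continue
        if number < 0:
            findings.append((name, "negative"))
        elif number > ceiling:
            findings.append((name, "above assumed ceiling"))
    return findings


# Constructed sample deployment, not taken from the advisory.
sample = {"MAXSEARCHRESULTS": "-1", "MAXAGGREGATERESULTS": "5000000"}
print(patch_status("2.8.20"), risky_settings(sample))
```
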