Integer Overflow Vulnerability in RedisBloom (CMS.INITBYDIM Command)
CVE-2024-55656


Key Information:

Vendor: RedisBloom

CVE Published: 8 January 2025

What is CVE-2024-55656?

CVE-2024-55656 is a critical vulnerability affecting the RedisBloom module, which extends Redis with advanced probabilistic data structures. This vulnerability arises from an integer overflow in the CMS.INITBYDIM command, potentially allowing attackers who possess the necessary credentials to manipulate memory allocation. By exploiting this flaw, an attacker can perform unauthorized read and write operations, which could lead to considerable negative consequences for organizations relying on RedisBloom for data management and analytics.

Technical Details

The vulnerability stems from how RedisBloom handles the CMS.INITBYDIM command, which initializes a Count-Min Sketch structure from user-supplied width and depth dimensions. Specifically, the size computation in the NewCMSketch() function can overflow: sufficiently large width and depth values wrap the computed allocation size, so the buffer that is allocated is smaller than the sketch actually needs. Subsequent accesses then run past the end of that buffer, enabling unauthorized memory reads and out-of-bounds (OOB) writes that compromise data integrity. The vulnerability has been addressed in the following fixed versions: 2.2.19, 2.4.12, 2.6.14, and 2.8.2.
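To make the failure mode concrete, the following C example (added here; it is not RedisBloom's code and does not reproduce NewCMSketch()) models a hypothetical sketch of 32-bit counters and contrasts a naive size computation, whose product silently wraps, with a checked one that refuses dimensions whose byte size would overflow or exceed an assumed policy cap (MAX_SKETCH_BYTES, chosen for this example) before any allocation happens.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumed policy limit for this example: refuse sketches over 1 GiB even when
 * the arithmetic itself would not overflow. Not a RedisBloom setting. */
#define MAX_SKETCH_BYTES ((size_t)1 << 30)

/* Hypothetical sketch layout, constructed for this example:
 * width * depth counters of 32 bits each. */
typedef struct {
    size_t width;
    size_t depth;
    uint32_t *array;
} Sketch;

/* Naive size computation done in 32-bit arithmetic. Unsigned multiplication
 * wraps modulo 2^32, so oversized dimensions can yield a tiny byte count
 * that a caller would then hand to malloc(). */
uint32_t naive_array_bytes(uint32_t width, uint32_t depth) {
    return width * depth * (uint32_t)sizeof(uint32_t);
}

/* Checked size computation: returns the byte size of the counter array, or 0
 * if either dimension is zero, the product would overflow size_t, or the
 * result exceeds the policy cap. 0 is never a valid size here, so it is a
 * safe sentinel. */
size_t checked_array_bytes(size_t width, size_t depth) {
    if (width == 0 || depth == 0) return 0;
    if (width > SIZE_MAX / depth) return 0;               /* width*depth overflows */
    size_t cells = width * depth;
    if (cells > SIZE_MAX / sizeof(uint32_t)) return 0;    /* cells*4 overflows */
    size_t bytes = cells * sizeof(uint32_t);
    if (bytes > MAX_SKETCH_BYTES) return 0;               /* policy cap */
    return bytes;
}

/* Allocation path that validates the dimensions before touching the heap. */
Sketch *sketch_new(size_t width, size_t depth) {
    size_t bytes = checked_array_bytes(width, depth);
    if (bytes == 0) return NULL;
    Sketch *s = malloc(sizeof *s);
    if (s == NULL) return NULL;
    s->array = calloc(width * depth, sizeof(uint32_t));   /* product already validated */
    if (s->array == NULL) { free(s); return NULL; }
    s->width = width;
    s->depth = depth;
    return s;
}

void sketch_free(Sketch *s) {
    if (s != NULL) { free(s->array); free(s); }
}

int main(void) {
    /* 65537 x 65536 counters need 16 GiB, but the 32-bit product wraps to
     * 65536 cells, so the naive path asks for only 256 KiB. */
    printf("naive bytes for 65537x65536: %u\n", naive_array_bytes(65537u, 65536u));
    printf("checked 65537x65536: %s\n", sketch_new(65537, 65536) ? "allocated" : "rejected");

    Sketch *s = sketch_new(2000, 7);
    printf("checked 2000x7: %s (%zu bytes)\n", s ? "allocated" : "rejected",
           checked_array_bytes(2000, 7));
    sketch_free(s);
    return 0;
}
```

The check runs entirely on the requested dimensions, so a request that would have produced an undersized buffer is rejected with no allocation and no out-of-bounds access possible afterwards; the policy cap additionally turns a legitimate-but-absurd request into a clean error rather than a multi-gigabyte allocation attempt.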

Potential Impact of CVE-2024-55656

  1. Information Leaks: Exploitation of this vulnerability can result in unauthorized access to sensitive data, revealing confidential information stored in RedisBloom databases.

  2. Data Integrity Compromise: Attackers could manipulate memory beyond the intended boundaries, leading to corruption or unauthorized alteration of stored data, ultimately affecting the accuracy and reliability of data analytics.

  3. System Instability: The ability to perform out-of-bounds writes may jeopardize the stability of the RedisBloom module, potentially causing crashes or service interruptions that disrupt organizational operations.


EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published
