CVE-2024-25115

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25115
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25115.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-25115
Aliases
  • GHSA-w583-p2wh-4vj5
Published
2024-04-09T18:15:08Z
Modified
2024-10-08T04:12:21.850101Z
Summary
[none]
Details

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to trigger a heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.

References

Affected packages

Git / github.com/redisbloom/redisbloom

Affected ranges

Type
GIT
Repo
https://github.com/redisbloom/redisbloom
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.1
v1.99.0
v1.99.2

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.2.15
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.7
v2.6.8
v2.6.9