CVE-2024-25115
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-25115
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25115.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-25115
- Aliases
-
- GHSA-w583-p2wh-4vj5
- Published
- 2024-04-09T17:31:48.469Z
- Modified
- 2025-12-05T03:14:19.773711Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- RedisBloom heap buffer overflow in CF.LOADCHUNK command
- Details
-
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted
CF.LOADCHUNKcommands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-120", "CWE-122" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25115.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25115.json
- https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad
- https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5
- https://nvd.nist.gov/vuln/detail/CVE-2024-25115