CVE-2024-51737
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-51737
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51737.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-51737
- Aliases
-
- GHSA-p2pg-67m3-4c76
- Related
- Published
- 2025-01-08T16:15:35Z
- Modified
- 2025-01-15T05:27:41.338262Z
- Summary
- [none]
- Details
-
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.
- References
Affected packages
Git / github.com/redisearch/redisearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/redisearch/redisearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.5.2
0.5.3
v0.*
v0.1
v0.10
v0.11
v0.11.1
v0.12
v0.12.1
v0.13
v0.13.1
v0.14
v0.15
v0.15.1
v0.16
v0.17
v0.17.1
v0.17.2
v0.18
v0.18.1
v0.19.2
v0.19.3
v0.19.4
v0.19.5
v0.2
v0.2.1
v0.2.2
v0.20.0
v0.20.1
v0.21.0
v0.21.1
v0.21.2
v0.21.3
v0.3
v0.4
v0.5
v0.5.1
v0.5.4
v0.6
v0.7
v0.7.1
v0.8
v0.8.2
v0.9
v0.90.0
v0.90.01
v0.99.0
v0.99.2
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.2.0
v1.3.0-beta1
v1.3.0-preview2
v1.3.0-preview3
v1.4.0-rc1
v1.4.0-rc2
v1.4.0-rc3
v1.4.1-rc1
v1.4.1-rc2
v1.4.2
v1.4.2-rc1
v1.6.0
v1.6.6
v1.99.0
v1.99.1
v1.99.2
v1.99.3
v1.99.5