UBUNTU-CVE-2024-51737

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-51737

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-51737.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-51737

Related

CVE-2024-51737

Published

2025-01-08T16:15:00Z

Modified

2025-01-17T08:22:21Z

Summary

[none]

Details

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.

References

Affected packages

Ubuntu:Pro:18.04:LTS / redisearch

Package

Name: redisearch
Purl: pkg:deb/ubuntu/redisearch@1.0.8-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.90.0~alpha1-1

0.90.1-1

0.99.0-1

0.99.2-1

1.*

1.0.0-1

1.0.1-1

1.0.2-1

1.0.5-1

1.0.6-1

1.0.7-1

1.0.8-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / redisearch

Package

Name: redisearch
Purl: pkg:deb/ubuntu/redisearch@1:1.2.1-4?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.2.1-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / redisearch

Package

Name: redisearch
Purl: pkg:deb/ubuntu/redisearch@1:1.2.2-4?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.2.2-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / redisearch

Package

Name: redisearch
Purl: pkg:deb/ubuntu/redisearch@1:1.2.2-4?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.2.2-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / redisearch

Package

Name: redisearch
Purl: pkg:deb/ubuntu/redisearch@1:1.2.2-4?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.2.2-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}