CVE-2024-25115

CVSS V2 None CVSS V3 None

Description

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.

Overview

CVE ID
CVE-2024-25115

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-04-09T17:31:48.469Z

Last Modified Date
2024-04-09T17:31:48.469Z

Weakness Enumerations

CWE	URL
CWE-122	http://cwe.mitre.org/data/definitions/122.html
CWE-120	http://cwe.mitre.org/data/definitions/120.html

References

Reference URL	Reference Tags
https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5	x_refsource_CONFIRM
https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-25115
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25115

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 12:58:47				Added to TrackCVE