Vulnerability Description
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a
- https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5
- https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a
- https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5
FAQ
What is CVE-2024-25115?
CVE-2024-25115 is a vulnerability with a CVSS score of 7.0 (HIGH). RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated...
How severe is CVE-2024-25115?
CVE-2024-25115 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25115?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.