Vulnerability Description
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
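As an added example (not code from the advisory or from the RedisBloom project), the check below flags a Redis instance whose loaded RedisBloom module falls inside the affected version ranges stated above, given a `MODULE LIST` reply. It assumes RedisBloom registers under the module name `bf` and reports its version as an integer encoded `major*10000 + minor*100 + patch`; the reply shape (a list of flat key/value arrays) and the sample reply are constructed.

```python
"""Flag RedisBloom versions affected by CVE-2024-25116 (CF.RESERVE
assertion crash) from a MODULE LIST reply.

Assumptions (not from the advisory): RedisBloom is registered as module
"bf" and reports its version as major*10000 + minor*100 + patch
(e.g. 2.4.7 -> 20407). The reply is modelled as a list of flat
key/value arrays of bytes and ints, as a raw RESP reply would be.
"""

# Affected ranges from the advisory text, as [inclusive_low, exclusive_high):
# 2.0.0 up to but not including 2.4.7, and the 2.6 line before 2.6.10.
# Versions outside both ranges (including any 2.5.x) are not flagged.
AFFECTED_RANGES = [
    (20000, 20407),   # 2.0.0 .. 2.4.6
    (20600, 20610),   # 2.6.0 .. 2.6.9
]


def encode_version(major, minor, patch):
    """Encode a dotted version the way RedisBloom is assumed to report it."""
    return major * 10000 + minor * 100 + patch


def is_affected(ver):
    """True if the integer-encoded version lies in an affected range."""
    return any(lo <= ver < hi for lo, hi in AFFECTED_RANGES)


def module_version(module_list, name=b"bf"):
    """Return the integer 'ver' field of module `name`, or None if absent."""
    for entry in module_list:
        fields = dict(zip(entry[0::2], entry[1::2]))
        if fields.get(b"name") == name:
            return int(fields[b"ver"])
    return None


def assess(module_list):
    """Return (version, affected); (None, False) when RedisBloom is not loaded."""
    ver = module_version(module_list)
    if ver is None:
        return None, False
    return ver, is_affected(ver)


# Constructed sample reply: RedisBloom 2.4.5 loaded next to another module.
SAMPLE_MODULE_LIST = [
    [b"name", b"ReJSON", b"ver", 20006, b"path", b"/opt/rejson.so", b"args", []],
    [b"name", b"bf", b"ver", 20405, b"path", b"/opt/redisbloom.so", b"args", []],
]

if __name__ == "__main__":
    ver, hit = assess(SAMPLE_MODULE_LIST)
    print(f"RedisBloom ver={ver} affected={hit}")
```

Feed the function the reply from your own instance; a hit means upgrading to 2.4.7 or 2.6.10 is the remediation the advisory gives.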
CVSS Score
5.5 (MEDIUM)
Related Weaknesses (CWE)
References
- https://github.com/RedisBloom/RedisBloom/commit/61d980a429050637f1af9fe919a88080
- https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-wrwq-cfrx-pmg4
FAQ
What is CVE-2024-25116?
CVE-2024-25116 is a vulnerability with a CVSS score of 5.5 (MEDIUM). RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runt...
How severe is CVE-2024-25116?
CVE-2024-25116 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-25116?
Yes. The problem is fixed in RedisBloom 2.4.7 and 2.6.10; the references section above links the fix commit and the GitHub security advisory. Review vendor security bulletins for further remediation guidance.