CVE-2024-25115

Published: Apr 9, 2024Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: security-advisories@github.com (Secondary)

Description

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (4)

https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad

Source: security-advisories@github.com

https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5

Source: security-advisories@github.com

https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.