ByteOS Network

NVD Vulnerability Details :

CVE-2024-25115

Awaiting Analysis

Source-security-advisories@github.com

Published At-09 Apr, 2024 | 18:15

Updated At-10 Apr, 2024 | 13:24

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.0	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-120	Secondary	security-advisories@github.com
CWE-122	Secondary	security-advisories@github.com

CWE ID: CWE-120

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-122

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad	security-advisories@github.com	N/A
https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5	security-advisories@github.com	N/A

Hyperlink: https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History