CVE-2024-25115
RedisBloom heap buffer overflow in CF.LOADCHUNK command
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
RedisBloom · RedisBloom¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →