Home > Vulnerability Database > CVE-2024-25115

Mend.io Vulnerability Database

CVE-2024-25115

Date: April 9, 2024

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted "CF.LOADCHUNK" commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.

Language: C

Severity Score

7.0

Related Resources (4)

Url: https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5

Url: https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25115

Url: https://www.mend.io/vulnerability-database/CVE-2024-25115

Severity Score

7.0

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25115

Date: April 9, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?