33 matches found
CVE-2024-55656
CVE-2024-55656 (RedisBloom Integer Overflow) affects RedisBloom module used with Redis. The vulnerability occurs in CMS.INITBYDIM when allocating memory for a Count-Min Sketch using user-supplied width/depth, allowing heap memory under-allocation, leading to out-of-bounds read (OOB read) and writ...
CVE-2024-25116
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...
CVE-2024-25115
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in...
CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...
CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...
CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...
CVE-2024-25116
RedisBloom adds probabilistic data structures to Redis. In versions prior to 2.4.7 and 2.6.10, authenticated users can issue CF.RESERVE to trigger a runtime assertion that terminates the Redis server process. The issue is fixed in RedisBloom 2.4.7 and 2.6.10. Exposure: LOCAL access with low privi...
CVE-2024-25115 RedisBloom heap buffer overflow in CF.LOADCHUNK command
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in...
CVE-2024-25115 RedisBloom heap buffer overflow in CF.LOADCHUNK command
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in...
CVE-2024-25115 RedisBloom heap buffer overflow in CF.LOADCHUNK command
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in...
CVE-2024-25115
RedisBloom (the RedisBloom library) is affected by CVE-2024-25115 due to a heap overflow in CF.LOADCHUNK. Specifically, authenticated users could trigger a heap overflow in versions prior to 2.4.7 and prior to 2.6.10, potentially enabling remote code execution. The issue is fixed in RedisBloom 2....
RedisBloom 安全漏洞
RedisBloom is a library from the RedisBloom open source. Adds a set of probabilistic data structures to Redis. A security vulnerability exists in RedisBloom that stems from the possibility that an authenticated user may be able to perform a heap overflow using specially crafted commands, which...
RedisBloom 安全漏洞
RedisBloom is a library from the RedisBloom open source. Adds a set of probabilistic data structures to Redis. A security vulnerability exists in RedisBloom that stems from the fact that an authenticated user can use specially crafted commands to trigger runtime assertions and terminate Redis...