Lucene search
K

33 matches found

cve
cve
added 2025/01/08 3:38 p.m.76 views

CVE-2024-55656

CVE-2024-55656 (RedisBloom Integer Overflow) affects RedisBloom module used with Redis. The vulnerability occurs in CMS.INITBYDIM when allocating memory for a Count-Min Sketch using user-supplied width/depth, allowing heap memory under-allocation, leading to out-of-bounds read (OOB read) and writ...

8.8CVSS8.5AI score0.15009EPSS
Exploits1References1
nvd
nvd
added 2024/04/09 6:15 p.m.11 views

CVE-2024-25116

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...

5.5CVSS5.4AI score0.00198EPSS
Exploits0References2
nvd
nvd
added 2024/04/09 6:15 p.m.22 views

CVE-2024-25115

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in...

7CVSS7.2AI score0.00422EPSS
Exploits0References2
osv
osv
added 2024/04/09 5:35 p.m.12 views

CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...

5.5CVSS6.8AI score0.00198EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/04/09 5:35 p.m.12 views

CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...

5.5CVSS6.7AI score0.00198EPSS
Exploits0References2
cvelist
cvelist
added 2024/04/09 5:35 p.m.12 views

CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...

5.5CVSS5.7AI score0.00198EPSS
Exploits0References2
cve
cve
added 2024/04/09 5:35 p.m.55 views

CVE-2024-25116

RedisBloom adds probabilistic data structures to Redis. In versions prior to 2.4.7 and 2.6.10, authenticated users can issue CF.RESERVE to trigger a runtime assertion that terminates the Redis server process. The issue is fixed in RedisBloom 2.4.7 and 2.6.10. Exposure: LOCAL access with low privi...

5.5CVSS5.4AI score0.00198EPSS
Exploits0References2
cvelist
cvelist
added 2024/04/09 5:31 p.m.30 views

CVE-2024-25115 RedisBloom heap buffer overflow in CF.LOADCHUNK command

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in...

7CVSS7.4AI score0.00422EPSS
Exploits0References2
osv
osv
added 2024/04/09 5:31 p.m.19 views

CVE-2024-25115 RedisBloom heap buffer overflow in CF.LOADCHUNK command

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in...

7CVSS8AI score0.00422EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/04/09 5:31 p.m.30 views

CVE-2024-25115 RedisBloom heap buffer overflow in CF.LOADCHUNK command

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in...

7CVSS7.2AI score0.00422EPSS
Exploits0References2
cve
cve
added 2024/04/09 5:31 p.m.53 views

CVE-2024-25115

RedisBloom (the RedisBloom library) is affected by CVE-2024-25115 due to a heap overflow in CF.LOADCHUNK. Specifically, authenticated users could trigger a heap overflow in versions prior to 2.4.7 and prior to 2.6.10, potentially enabling remote code execution. The issue is fixed in RedisBloom 2....

7CVSS7.2AI score0.00422EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/04/09 12:0 a.m.5 views

RedisBloom 安全漏洞

RedisBloom is a library from the RedisBloom open source. Adds a set of probabilistic data structures to Redis. A security vulnerability exists in RedisBloom that stems from the possibility that an authenticated user may be able to perform a heap overflow using specially crafted commands, which...

7CVSS7.9AI score0.00422EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/04/09 12:0 a.m.5 views

RedisBloom 安全漏洞

RedisBloom is a library from the RedisBloom open source. Adds a set of probabilistic data structures to Redis. A security vulnerability exists in RedisBloom that stems from the fact that an authenticated user can use specially crafted commands to trigger runtime assertions and terminate Redis...

5.5CVSS6.8AI score0.00198EPSS
Exploits0References3
Rows per page
Query Builder