PT-2026-38471

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVE-2026-25589

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

PT-2026-37093

Name of the Vulnerable Software and Affected Versions RedisBloom versions prior to 2.8.20 Description RedisBloom, a probabilistic data structures module for Redis, fails to properly validate serialized values processed via the 'RESTORE' command. An authenticated attacker with permissions to execu...

Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The specific flaw exists within the RedisBloom module. The issue results from the lack of proper validation of user-supplied dat...

CVE-2024-55656

CVE-2024-55656 (RedisBloom Integer Overflow) affects RedisBloom module used with Redis. The vulnerability occurs in CMS.INITBYDIM when allocating memory for a Count-Min Sketch using user-supplied width/depth, allowing heap memory under-allocation, leading to out-of-bounds read (OOB read) and writ...