CVE-2024-25115 Information

Description

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10 specially crafted CF.LOADCHUNK commands may be used by authenticated users to perform heap overflow which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.

Reference

https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-w583-p2wh-4vj5 https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad