CVE-2024-25116
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RedisBloom | RedisBloom | >= 2.0.0, < 2.4.7 | affected |
| RedisBloom | RedisBloom | >= 2.5.0, < 2.6.10 | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-wrwq-cfrx-pmg4
- https://github.com/RedisBloom/RedisBloom/commit/61d980a429050637f1af9fe919a880800a824f2a
References
- https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-wrwq-cfrx-pmg4
- https://github.com/RedisBloom/RedisBloom/commit/61d980a429050637f1af9fe919a880800a824f2a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.