CVE-2024-25115

Published: 2024-04-09T18:15Z

Last Modified: 2024-11-21T09:00Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt