Ashitaka Akasaka

**Name of the Vulnerable Software and Affected Versions** RedisBloom versions 2.0.0 through 2.4.6 RedisBloom versions 2.6.0 through 2.6.9 **Description** RedisBloom adds a set of probabilistic data structures to Redis. Specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. **Recommendations** For RedisBloom versions 2.0.0 through 2.4.6, update to version 2.4.7 to resolve the issue. For RedisBloom versions 2.6.0 through 2.6.9, update to version 2.6.10 to resolve the issue. As a temporary workaround, consider restricting access to the `CF.LOADCHUNK` command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RedisBloom versions 2.0.0 through 2.4.6 RedisBloom versions 2.6.0 through 2.6.9 **Description** RedisBloom adds a set of probabilistic data structures to Redis. Authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. **Recommendations** For RedisBloom versions 2.0.0 through 2.4.6, update to version 2.4.7 to resolve the issue. For RedisBloom versions 2.6.0 through 2.6.9, update to version 2.6.10 to resolve the issue. As a temporary workaround, consider restricting access to the `CF.RESERVE` command until a patch is available.