Redis · RedisBloom · CVE-2024-25116
**Name of the Vulnerable Software and Affected Versions**
RedisBloom versions 2.0.0 through 2.4.6
RedisBloom versions 2.6.0 through 2.6.9
**Description**
RedisBloom adds a set of probabilistic data structures to Redis. Authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process.
**Recommendations**
For RedisBloom versions 2.0.0 through 2.4.6, update to version 2.4.7 to resolve the issue.
For RedisBloom versions 2.6.0 through 2.6.9, update to version 2.6.10 to resolve the issue.
As a temporary workaround, consider restricting access to the `CF.RESERVE` command until a patch is available.
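The following shell functions are an added example, not part of the advisory or of RedisBloom's own code. They check a version against the two affected ranges above and build an ACL rule for the workaround. Assumptions: the integer form is the `ver` value that `MODULE LIST` reports for the module (encoded as major*10000 + minor*100 + patch), and the function names and the user name passed in are hypothetical.

```shell
#!/bin/sh
# Added example: check a RedisBloom version against the ranges in this advisory.
# Input is dotted (2.6.9) or the integer shown as "ver" by MODULE LIST
# (assumed encoding: major*10000 + minor*100 + patch, so 2.6.9 is 20609).

# Print the integer encoding of $1; return 1 on malformed input.
rb_version_int() {
    v=$1
    case "$v" in
        # empty, non-numeric, wrong dot layout, or leading zeros (octal trap)
        ''|*[!0-9.]*|*.*.*.*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
        *.*.*)
            maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*}; pat=${rest#*.}
            # minor/patch above 99 would collide in the integer encoding
            [ "$min" -lt 100 ] && [ "$pat" -lt 100 ] || return 1
            echo $((maj * 10000 + min * 100 + pat)) ;;
        *.*) return 1 ;;   # two components only: ambiguous, reject
        *) echo "$v" ;;    # already an integer
    esac
}

# Affected: print the fixed release and return 0.
# Outside both listed ranges: return 1 (not listed here, which is not a
# statement about other advisories). Malformed input: return 2.
rb_fixed_release() {
    n=$(rb_version_int "$1") || return 2
    if [ "$n" -ge 20000 ] && [ "$n" -le 20406 ]; then
        echo 2.4.7
    elif [ "$n" -ge 20600 ] && [ "$n" -le 20609 ]; then
        echo 2.6.10
    else
        return 1
    fi
}

# Build the workaround as a Redis ACL rule removing CF.RESERVE from one user.
# Only builds the string; pass it to redis-cli yourself once reviewed.
rb_workaround_cmd() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    echo "ACL SETUSER $1 -cf.reserve"
}
```

`rb_fixed_release 20406` prints `2.4.7`, and `rb_fixed_release 2.6.10` prints nothing and returns 1. ACL rules require Redis 6 or later, and the `default` user needs the same rule if clients connect without a named user.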