Researcher: Yaacovhazan (ranked #39290 of 53,633; total CVSS 7; vulnerabilities: 1)
PT-2024-20757 · CVSS 7.0 · 2024-04-09 · Redis · RedisBloom · CVE-2024-25115
**Name of the Vulnerable Software and Affected Versions**

RedisBloom versions 2.0.0 through 2.4.6; RedisBloom versions 2.6.0 through 2.6.9

**Description**

RedisBloom adds a set of probabilistic data structures to Redis. Specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to trigger a heap overflow, which may lead to remote code execution.

**Recommendations**

For RedisBloom versions 2.0.0 through 2.4.6, update to version 2.4.7 to resolve the issue. For RedisBloom versions 2.6.0 through 2.6.9, update to version 2.6.10 to resolve the issue. As a temporary workaround, consider restricting access to the `CF.LOADCHUNK` command to minimize the risk of exploitation.