PT-2024-20757 · Redis · RedisBloom

Ashitaka Akasaka +1

Published: 2024-04-09 · Updated: 2024-04-10

CVE-2024-25115

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

RedisBloom versions 2.0.0 through 2.4.6
RedisBloom versions 2.6.0 through 2.6.9

Description

RedisBloom adds a set of probabilistic data structures to Redis. Specially crafted CF.LOADCHUNK commands may be used by authenticated users to trigger a heap overflow, which may lead to remote code execution.

Recommendations

For RedisBloom versions 2.0.0 through 2.4.6, update to version 2.4.7 to resolve the issue. For RedisBloom versions 2.6.0 through 2.6.9, update to version 2.6.10 to resolve the issue. As a temporary workaround, consider restricting access to the CF.LOADCHUNK command to minimize the risk of exploitation.
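The check and workaround above, as an added example that is not part of this advisory: it decodes the integer version that Redis reports for a loaded module, classifies it against the two affected ranges, and builds the Redis ACL rule that withholds CF.LOADCHUNK from an application user until the module is updated. Assumptions: RedisBloom registers under the module name "bf" and packs its version as major*10000 + minor*100 + patch; the user name "app" and the MODULE LIST sample are constructed.

```python
"""Classify a RedisBloom module version against the affected ranges in
PT-2024-20757 / CVE-2024-25115 and emit the ACL rule for the workaround."""

# Affected ranges from the advisory (inclusive), with the fixed release.
AFFECTED = [
    ((2, 0, 0), (2, 4, 6), (2, 4, 7)),
    ((2, 6, 0), (2, 6, 9), (2, 6, 10)),
]


def decode_module_version(ver):
    """Redis 'MODULE LIST' reports a module version as one integer.
    Assumption: RedisBloom packs it as major*10000 + minor*100 + patch,
    so 20406 -> (2, 4, 6)."""
    major, rest = divmod(ver, 10000)
    minor, patch = divmod(rest, 100)
    return (major, minor, patch)


def fixed_version_for(version):
    """Return the fixed version if `version` is affected, else None."""
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return fixed
    return None


def acl_rule(user):
    """ACL SETUSER line removing only CF.LOADCHUNK from `user`; the rest of
    the user's existing permissions are left as they are (workaround only,
    the real fix is updating the module)."""
    return f"ACL SETUSER {user} -cf.loadchunk"


# Constructed sample in the shape of a parsed 'MODULE LIST' reply.
SAMPLE_MODULE_LIST = [
    {"name": "bf", "ver": 20406},
    {"name": "ReJSON", "ver": 20603},
]


def assess(module_list, user="app"):
    """Return (version, fixed, rule). `fixed` and `rule` are None when the
    loaded RedisBloom is outside both affected ranges; all three are None
    when RedisBloom ("bf", assumed module name) is not loaded at all."""
    for mod in module_list:
        if mod["name"] == "bf":
            version = decode_module_version(mod["ver"])
            fixed = fixed_version_for(version)
            rule = acl_rule(user) if fixed else None
            return version, fixed, rule
    return None, None, None
```

In a deployment the `name`/`ver` pairs would come from `MODULE LIST` via redis-cli or a client library, and the ACL line would be applied to every user that is not meant to restore Cuckoo filter chunks.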

Weakness Enumeration

Heap Based Buffer Overflow
Buffer Overflow

Related Identifiers

CVE-2024-25115
GHSA-W583-P2WH-4VJ5

Affected Products

RedisBloom