CVE-2024-51480

Name of the Vulnerable Software and Affected Versions RedisTimeSeries versions prior to 1.6.20 RedisTimeSeries versions prior to 1.8.15 RedisTimeSeries versions prior to 1.10.15 RedisTimeSeries versions prior to 1.12.3

Description The issue arises when an authenticated user executes specific commands, including TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE, with specially crafted command arguments, potentially leading to an integer overflow and a subsequent heap overflow. This could result in remote code execution.

Recommendations For versions prior to 1.6.20, update to version 1.6.20 or later. For versions prior to 1.8.15, update to version 1.8.15 or later. For versions prior to 1.10.15, update to version 1.10.15 or later. For versions prior to 1.12.3, update to version 1.12.3 or later. As a temporary workaround, consider restricting access to the commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE until a patch is applied.