PT-2025-3137 · Redis · Redisbloom

Gabriel Quadros +3

Published: 2024-07-18 · Updated: 2025-01-09

CVE-2024-55656

CVSS v2.0: 9.0 (Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Name of the Vulnerable Software and Affected Versions:

RedisBloom versions prior to 2.2.19

RedisBloom versions prior to 2.4.12

RedisBloom versions prior to 2.6.14

RedisBloom versions prior to 2.8.2

Description:

There is an integer overflow vulnerability in RedisBloom, a Redis module. It allows an attacker who is an authenticated Redis client (one with knowledge of the password) to cause a heap allocation that is smaller than required, because the requested size wraps around. Subsequent read and write operations then go beyond the allocated memory, leading to information leaks and out-of-bounds writes. The integer overflow is located in the `CMS.INITBYDIM` command, which initializes a Count-Min Sketch to user-specified dimensions: it accepts two values, `width` and `depth`, and uses them to compute the size of the memory allocated in `NewCMSketch()`.
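As an added illustration (not RedisBloom's own code), the following C snippet shows the failure mode described above with a hypothetical size computation for the sketch's counter array, and the overflow checks that prevent it. The function names `cms_bytes_unchecked`, `cms_bytes_checked`, `parse_dim` and `cms_initbydim` are assumed, and all inputs are constructed for the demonstration.

```c
/* Added example, not RedisBloom code: how a width*depth size computation
 * wraps around, and how to reject such dimensions before allocating.
 * Function names and signatures are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked computation of the counter-array size in bytes.
 * width * depth * sizeof(uint32_t) is evaluated in size_t and silently
 * wraps when the product exceeds SIZE_MAX, yielding a far smaller value
 * than the sketch actually needs. */
static size_t cms_bytes_unchecked(size_t width, size_t depth) {
    return width * depth * sizeof(uint32_t);
}

/* Checked variant: returns false instead of producing a wrapped size. */
static bool cms_bytes_checked(size_t width, size_t depth, size_t *out) {
    if (width == 0 || depth == 0)
        return false;                      /* degenerate sketch */
    if (width > SIZE_MAX / depth)
        return false;                      /* width * depth would wrap */
    size_t cells = width * depth;
    if (cells > SIZE_MAX / sizeof(uint32_t))
        return false;                      /* cells * 4 would wrap */
    *out = cells * sizeof(uint32_t);
    return true;
}

/* Parses one dimension argument as it might arrive from a client command:
 * a positive decimal integer with no sign, whitespace or trailing junk,
 * small enough to fit in size_t. */
static bool parse_dim(const char *arg, size_t *out) {
    if (arg[0] < '0' || arg[0] > '9')
        return false;                      /* rejects "-1", "+5", " 5", "" */
    char *end = NULL;
    errno = 0;
    unsigned long long v = strtoull(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return false;                      /* too large, or trailing junk */
    if (v == 0 || v > SIZE_MAX)
        return false;
    *out = (size_t)v;
    return true;
}

/* Hypothetical handler for "CMS.INITBYDIM key width depth": validates both
 * dimensions, computes the byte count with overflow checks, and allocates
 * only when that size is correct. Returns NULL on any rejected input. */
static uint32_t *cms_initbydim(const char *width_arg, const char *depth_arg,
                               size_t *bytes_out) {
    size_t width, depth, bytes;
    if (!parse_dim(width_arg, &width) || !parse_dim(depth_arg, &depth))
        return NULL;
    if (!cms_bytes_checked(width, depth, &bytes))
        return NULL;
    uint32_t *arr = calloc(width * depth, sizeof(uint32_t));
    if (arr && bytes_out)
        *bytes_out = bytes;
    return arr;
}

int main(void) {
    /* Constructed inputs: 8 rows of (SIZE_MAX/2 + 1) columns is 2^(bits+2)
     * cells, which wraps to 0 on any size_t width, so the unchecked path
     * would request a 0-byte buffer for an enormous sketch. */
    size_t huge_width = SIZE_MAX / 2 + 1;
    size_t bytes = 0;
    printf("unchecked bytes for huge sketch: %zu\n",
           cms_bytes_unchecked(huge_width, 8));
    printf("checked accepts huge sketch: %s\n",
           cms_bytes_checked(huge_width, 8, &bytes) ? "yes" : "no");
    uint32_t *ok = cms_initbydim("2000", "7", &bytes);
    printf("2000x7 sketch: %s, %zu bytes\n",
           ok ? "allocated" : "rejected", bytes);
    free(ok);
    return 0;
}
```

The check is done before any arithmetic is used for allocation: each multiplication is guarded by comparing one operand against `SIZE_MAX` divided by the other, which is portable and does not depend on compiler builtins. The argument parser also rejects negative and non-numeric strings, since a lenient `strtoull` call would happily turn "-1" into `SIZE_MAX`.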

Recommendations:

For versions prior to 2.2.19, update to version 2.2.19 or later.

For versions prior to 2.4.12, update to version 2.4.12 or later.

For versions prior to 2.6.14, update to version 2.6.14 or later.

For versions prior to 2.8.2, update to version 2.8.2 or later.

As a temporary workaround, consider restricting access to the `CMS.INITBYDIM` command until a patch is available. Avoid using the `width` and `depth` parameters in the `CMS.INITBYDIM` command to minimize the risk of exploitation.

Fix

Weakness Enumeration:

RCE, Integer Overflow, Heap Based Buffer Overflow

Related Identifiers:

BDU:2025-03163, CVE-2024-55656, ZDI-25-009

Affected Products:

Redisbloom