
CVSS: 9.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

08 Jan 2025 — RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, a module used in Redis. The integer overflow allows an attacker (a Redis client that knows the password) to allocate less heap memory than required because of wraparound. Reads and writes can then be performed beyond this allocated memory, leading to an information leak and an out-of-bounds write. The integer overflow is in the CMS.INITBYDIM command, which initializes a Count-... • https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-x5rx-rmq3-ff3h • CWE-190: Integer Overflow or Wraparound

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

09 Apr 2024 — RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. • https://github.com/RedisBloom/RedisBloom/commit/61d980a429050637f1af9fe919a880800a824f2a • CWE-20: Improper Input Validation

CVSS: 7.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

09 Apr 2024 — RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform a heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. • https://github.com/RedisBloom/RedisBloom/commit/2f3b38394515fc6c9b130679bcd2435a796a49ad • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-122: Heap-based Buffer Overflow