Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RedisBloom heap buffer overflow in CF.LOADCHUNK command
Vulnerability Description
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
RedisBloom 安全漏洞
Vulnerability Description
RedisBloom是RedisBloom开源的一个库。为 Redis 添加了一组概率数据结构。 RedisBloom存在安全漏洞,该漏洞源于经过身份验证的用户可能会使用特制的命令来执行堆溢出,这可能会导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A