Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RediSearch Integer Overflow with LIMIT or KNN arguments can lead to RCE
Vulnerability Description
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
RediSearch 安全漏洞
Vulnerability Description
RediSearch是RediSearch开源的一个 Redis 模块,为 Redis 提供查询、二级索引和全文搜索。 RediSearch存在安全漏洞,该漏洞源于经过身份验证的redis用户使用特制的LIMIT或KNN命令参数执行FT.SEARCH,可能会触发整数溢出,从而导致堆溢出和潜在的远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A