← back
CVE-2024-51480

RedisTimeSeries Integer Overflow Remote Code Execution Vulnerability

CVSS 7 HIGHEPSS 0.2%CWE-122CWE-190
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →