← volver
CVE-2024-51480

RedisTimeSeries Integer Overflow Remote Code Execution Vulnerability

CVSS 7 HIGHEPSS 0.2%CWE-122CWE-190
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →