CVE-2024-51480

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-122
View all →

Vulnerability Description

RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.

Related Vulnerabilities

CVE-2018-1165

HIGH
CVSS:7.0(High)

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute l...

CWE-1222018

CVE-2022-24052

HIGH
CVSS:7.0(High)

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Aut...

CWE-1222022

CVE-2023-21733

HIGH
CVSS:7.0(High)

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CWE-1222023

CVE-2023-28218

HIGH
CVSS:7.0(High)

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CWE-1222023

CVE-2023-4504

HIGH
CVSS:7.0(High)

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue...

CWE-1222023

CVE-2024-43522

HIGH
CVSS:7.0(High)

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CWE-1222024