CVE-2024-51737

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-122
View all →

Vulnerability Description

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.

Related Vulnerabilities

CVE-2018-1165

HIGH
CVSS:7.0(High)

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute l...

CWE-1222018

CVE-2022-24052

HIGH
CVSS:7.0(High)

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Aut...

CWE-1222022

CVE-2023-21733

HIGH
CVSS:7.0(High)

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CWE-1222023

CVE-2023-28218

HIGH
CVSS:7.0(High)

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CWE-1222023

CVE-2023-4504

HIGH
CVSS:7.0(High)

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue...

CWE-1222023

CVE-2024-43522

HIGH
CVSS:7.0(High)

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CWE-1222024