
CVE-2024-51480: RedisTimeSeries Integer Overflow Remote Code Execution Vulnerability

7.0 CVSS

Description

RedisTimeSeries is a time-series database (TSDB) module for Redis, maintained by Redis. An authenticated user who executes one of the commands TS.QUERYINDEX, TS.MGET, TS.MRANGE or TS.MREVRANGE with specially crafted arguments can trigger an integer overflow, followed by a heap overflow, which may lead to remote code execution. Because these are ordinary query commands, any user whose ACL permits them can reach the bug; no administrative privilege is required. The vulnerability is fixed in RedisTimeSeries 1.6.20, 1.8.15, 1.10.15 and 1.12.3.
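The practical questions for an operator are whether the loaded module version is on a fixed release and, until it is, how to keep untrusted users away from the four trigger commands. The following script is an added example written for this page; it is not code from the advisory or from the RedisTimeSeries project. It works offline on a constructed MODULE LIST reply, assumes the module registers as "timeseries" and encodes its version as major*10000 + minor*100 + patch (the common Redis-module convention), and builds an ACL SETUSER string as an interim mitigation. The function and variable names are this example's own.

```python
"""Offline check of a RedisTimeSeries version against the CVE-2024-51480 fix list."""
from __future__ import annotations

# Fixed releases named in the advisory: (major, minor) branch -> first fixed patch level.
FIXED_PATCH_BY_BRANCH = {
    (1, 6): 20,
    (1, 8): 15,
    (1, 10): 15,
    (1, 12): 3,
}

# Commands the advisory names as triggers (an authenticated caller is required).
TRIGGER_COMMANDS = ("TS.QUERYINDEX", "TS.MGET", "TS.MRANGE", "TS.MREVRANGE")

# Registration name of the module in MODULE LIST (assumption: "timeseries").
MODULE_NAME = "timeseries"


def decode_module_version(ver: int) -> tuple[int, int, int]:
    """Turn the integer `ver` field of MODULE LIST into (major, minor, patch).

    Assumption: the module encodes its version as major*10000 + minor*100 + patch,
    so 11015 decodes to 1.10.15.
    """
    return ver // 10000, (ver // 100) % 100, ver % 100


def classify(version: tuple[int, int, int]) -> str:
    """Return 'fixed', 'vulnerable' or 'unlisted' for a RedisTimeSeries version."""
    major, minor, patch = version
    fixed_patch = FIXED_PATCH_BY_BRANCH.get((major, minor))
    if fixed_patch is None:
        # The advisory names no fixed release for this branch; do not assume safety.
        return "unlisted"
    return "fixed" if patch >= fixed_patch else "vulnerable"


def assess_module_list(modules: list[dict]) -> dict:
    """Locate the timeseries module in a MODULE LIST reply and classify its version.

    Entries are dicts with 'name' and 'ver' keys, as redis-py returns them;
    bytes values (no decode_responses) are handled as well.
    """
    for mod in modules:
        name = mod.get("name")
        if isinstance(name, bytes):
            name = name.decode()
        if name == MODULE_NAME:
            version = decode_module_version(int(mod["ver"]))
            return {"loaded": True, "version": version, "status": classify(version)}
    return {"loaded": False, "version": None, "status": "not-loaded"}


def acl_deny_triggers(username: str) -> str:
    """Build an ACL SETUSER command that removes the four trigger commands from a user.

    Interim mitigation only; upgrading to a fixed release is the actual fix.
    Redis ACL rules deny a command (module commands included) with a '-' prefix.
    """
    denied = " ".join("-" + cmd.lower() for cmd in TRIGGER_COMMANDS)
    return f"ACL SETUSER {username} {denied}"


# Constructed sample MODULE LIST reply (not captured from a real server).
SAMPLE_MODULE_LIST = [
    {"name": "ReJSON", "ver": 20803, "path": "/opt/redis-stack/lib/rejson.so"},
    {"name": "timeseries", "ver": 11012, "path": "/opt/redis-stack/lib/redistimeseries.so"},
]

if __name__ == "__main__":
    report = assess_module_list(SAMPLE_MODULE_LIST)
    print(report)
    if report["status"] == "vulnerable":
        print(acl_deny_triggers("app_reader"))
```

Against a live server the input to assess_module_list() would be the result of redis-py's module_list(); the "unlisted" status is deliberate so that a branch the advisory does not mention is flagged for manual verification rather than silently treated as safe.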

Classification

CVE ID: CVE-2024-51480

CVSS Base Severity: HIGH

CVSS Base Score: 7.0

Affected Products

Vendor: Redis

Product: RedisTimeSeries

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (estimated probability of exploitation activity in the wild within the next 30 days)

EPSS Percentile: 11.48% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-06 (date on which the score was calculated)

References

https://github.com/RedisTimeSeries/RedisTimeSeries/security/advisories/GHSA-73x6-fqww-x8rg
