YaacovHazan

2 exploits Active since Apr 2024
CVE-2024-25115 WRITEUP HIGH WRITEUP
RedisBloom 2.0.0-2.4.6 and 2.5.0-2.6.9 - Authenticated Heap Overflow via CF.LOADCHUNK Command
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVSS 7.0
CVE-2025-27151 WRITEUP MEDIUM WRITEUP
Redis 7.0.0-7.2.9 - Stack-based Buffer Overflow in redis-check-aof via File Path Copy
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.
CVSS 4.7