CVE-2024-51480
📋 TL;DR
This vulnerability in RedisTimeSeries lets an authenticated user trigger an integer overflow, and through it a heap buffer overflow, by sending specially crafted arguments to TS.QUERYINDEX, TS.MGET, TS.MRANGE or TS.MREVRANGE. Heap corruption of this kind can potentially be turned into remote code execution inside the Redis process. Any Redis deployment that loads a vulnerable RedisTimeSeries module is affected, including Redis Stack builds that bundle the module.
💻 Affected Systems
- RedisTimeSeries
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The NVD entry carries no version ranges. The vendor advisory linked under Fix & Mitigation does name the patched releases (1.6.20, 1.8.15, 1.10.15, 1.12.3), so compare the loaded module version against those instead.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the Redis process, potentially leading to complete system compromise.
Likely Case
Denial of service through Redis crash or instability, with potential for information disclosure via memory corruption.
If Mitigated
Exploitation needs an authenticated connection, so enforcing authentication (requirepass or named ACL users with passwords) and keeping Redis off untrusted networks removes most of the exposure. It does not protect against a compromised or malicious client that already holds valid credentials.
🎯 Exploit Status
Exploitation requires an authenticated Redis connection (which includes any client that connects while the default user is still enabled without a password) plus crafted arguments to one of the four affected commands that trigger the integer overflow.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.20, 1.8.15, 1.10.15, or 1.12.3
Vendor Advisory: https://github.com/RedisTimeSeries/RedisTimeSeries/security/advisories/GHSA-73x6-fqww-x8rg
Restart Required: Yes, in practice. RedisTimeSeries registers a custom data type, and Redis refuses MODULE UNLOAD for modules that export data types, so the patched .so is only picked up when the Redis process is restarted (or the Redis Stack container or package is rolled).
Instructions:
1. Identify the loaded RedisTimeSeries version with MODULE LIST. The ver field of the timeseries entry encodes major*10000 + minor*100 + patch, so 1.12.3 reports 11203.
2. Upgrade to the patched release for your branch: 1.6.20, 1.8.15, 1.10.15 or 1.12.3.
3. Restart Redis so the new module binary is loaded, then confirm the version again with MODULE LIST.
🔧 Temporary Workarounds
Disable vulnerable commands
Use Redis ACL to deny TS.QUERYINDEX, TS.MGET, TS.MRANGE and TS.MREVRANGE to every user that does not strictly need them. ACL rules are applied in order, so the explicit -command entries must come after any +@category grant:
ACL SETUSER <username> -@all +@read +@write -TS.QUERYINDEX -TS.MGET -TS.MRANGE -TS.MREVRANGE
Confirm the result with ACL GETUSER <username> and persist it (ACL SAVE when an aclfile is configured). This only blocks the four named entry points: a user with +@all, or a default user still enabled without a password, remains fully exposed, so set requirepass or disable the default user as well.
🧯 If You Can't Patch
- Implement strict network segmentation to limit RedisTimeSeries access to trusted users only
- Enforce strong authentication and limit user permissions using Redis ACL to minimize attack surface
🔍 How to Verify
Check if Vulnerable:
TS.INFO takes a key and reports per-series metadata, not the module version. Use MODULE LIST (or the modules section of INFO) and read the ver field of the timeseries entry; it encodes major*10000 + minor*100 + patch, so 1.12.2 reports 11202.
Check Version:
MODULE LIST
Verify Fix Applied:
Confirm the timeseries ver is at least 10620 on the 1.6 branch, 10815 on 1.8, 11015 on 1.10, or 11203 on 1.12 (1.6.20, 1.8.15, 1.10.15, 1.12.3). Anything lower on its branch is still vulnerable.
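The version comparison is branch-specific, which is easy to get wrong by hand (1.10.15 is fixed but 1.12.2 is not). The following is an added example, not code from the advisory or the RedisTimeSeries project: it decodes the integer version that MODULE LIST reports and decides whether that build predates its branch's fix. The MODULE LIST reply embedded below is constructed, in the shape redis-py's `module_list()` returns; the treatment of branches the advisory does not list (older than 1.6 is vulnerable, newer than 1.12 is assumed fixed, anything else is flagged) is an assumption.

```python
"""Added example (not from the advisory or the RedisTimeSeries project):
decide whether a loaded RedisTimeSeries build is affected by CVE-2024-51480
from the integer version that MODULE LIST / INFO modules report."""
from typing import Optional, Tuple

# Patched releases per branch, from the vendor advisory.
PATCHED = {
    (1, 6): (1, 6, 20),
    (1, 8): (1, 8, 15),
    (1, 10): (1, 10, 15),
    (1, 12): (1, 12, 3),
}


def decode_version(ver: int) -> Tuple[int, int, int]:
    """RedisTimeSeries encodes its version as major*10000 + minor*100 + patch."""
    return ver // 10000, (ver // 100) % 100, ver % 100


def is_vulnerable(ver: int) -> bool:
    """True if a module reporting integer version `ver` predates its branch's fix.

    Assumption for branches the advisory does not list: anything older than the
    oldest patched branch is vulnerable, anything newer than the newest patched
    branch carries the fix, and unlisted branches in between are flagged.
    """
    major, minor, patch = decode_version(ver)
    branch = (major, minor)
    if branch in PATCHED:
        return (major, minor, patch) < PATCHED[branch]
    if branch > max(PATCHED):
        return False
    return True


def timeseries_version(module_list) -> Optional[int]:
    """Pull the `ver` of the `timeseries` module out of a MODULE LIST reply.

    Accepts the list-of-dicts shape redis-py returns from `Redis.module_list()`,
    with str or bytes keys/values depending on decode_responses.
    """
    for entry in module_list:
        fields = {(k.decode() if isinstance(k, bytes) else k): v for k, v in entry.items()}
        name = fields.get("name")
        if isinstance(name, bytes):
            name = name.decode()
        if name == "timeseries":
            return int(fields["ver"])
    return None


def assess(module_list) -> str:
    """Human-readable verdict for one server's MODULE LIST reply."""
    ver = timeseries_version(module_list)
    if ver is None:
        return "not loaded"
    state = "VULNERABLE" if is_vulnerable(ver) else "fixed"
    return "RedisTimeSeries %d.%d.%d (%d): %s" % (*decode_version(ver), ver, state)


# Constructed MODULE LIST reply, as redis-py returns it with decode_responses=False.
SAMPLE_MODULE_LIST = [
    {b"name": b"search", b"ver": 20811},
    {b"name": b"timeseries", b"ver": 11202},
]

if __name__ == "__main__":
    print(assess(SAMPLE_MODULE_LIST))
    # Live check (assumption: redis-py installed, server on localhost:6379):
    #   import redis; print(assess(redis.Redis().module_list()))
```

Run it against each Redis node, not just one: in a replicated or Redis Stack fleet the module version can differ per host, and a vulnerable replica that later fails over becomes the exposed primary.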
📡 Detection & Monitoring
Log Indicators:
- Unusual patterns of TS.QUERYINDEX, TS.MGET, TS.MRANGE or TS.MREVRANGE calls with very large or malformed arguments. Redis does not log individual commands by default, so this needs a command feed from MONITOR, a proxy, or a client-side audit log.
- Redis crash logs or abnormal termination
Network Indicators:
- High volume of RedisTimeSeries commands from single sources
- Unusual command argument patterns in Redis protocol
SIEM Query (assumes a command feed normalized into command and args_size fields; a plain Redis server log contains no per-command records):
source="redis.log" AND (command="TS.QUERYINDEX" OR command="TS.MGET" OR command="TS.MRANGE" OR command="TS.MREVRANGE") AND args_size>1000
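The SIEM query above presumes someone has already turned Redis traffic into command and args_size fields. The following added example (not the page's query and not RedisTimeSeries code) does that step itself over redis-cli MONITOR output: it parses each line, flags calls to the four affected commands whose arguments are abnormally large or numerous, and counts calls per client address for the volume indicator. The MONITOR excerpt is constructed, and the thresholds (1000 argument bytes, 64 arguments) are assumptions to tune against the largest legitimate FILTER lists your applications send.

```python
"""Added example (not the page's SIEM query and not RedisTimeSeries code):
flag TS.QUERYINDEX / TS.MGET / TS.MRANGE / TS.MREVRANGE calls with oversized
argument lists in a redis-cli MONITOR feed, and count callers per source."""
import re
from collections import Counter

# Commands named in the advisory for CVE-2024-51480.
VULN_CMDS = {"TS.QUERYINDEX", "TS.MGET", "TS.MRANGE", "TS.MREVRANGE"}

# redis-cli MONITOR line shape: <unix time> [<db> <client addr>] "CMD" "arg" ...
MONITOR_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<src>[^\]]+)\] (?P<argv>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # quoted args, honouring \" escapes


def parse_monitor_line(line):
    """Return {'ts','src','cmd','args'} for one MONITOR line, or None if unparseable."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    argv = ARG_RE.findall(m.group("argv"))
    if not argv:
        return None
    return {"ts": float(m.group("ts")), "src": m.group("src"),
            "cmd": argv[0].upper(), "args": argv[1:]}


def detect(lines, max_arg_bytes=1000, max_argc=64):
    """Alert on affected commands whose arguments are abnormally large or numerous.

    Thresholds are assumptions (the page's query uses args_size>1000).
    """
    alerts = []
    for line in lines:
        ev = parse_monitor_line(line)
        if ev is None or ev["cmd"] not in VULN_CMDS:
            continue
        total = sum(len(a) for a in ev["args"])
        if total > max_arg_bytes:
            reason = "argument bytes %d > %d" % (total, max_arg_bytes)
        elif len(ev["args"]) > max_argc:
            reason = "argument count %d > %d" % (len(ev["args"]), max_argc)
        else:
            continue
        alerts.append({"ts": ev["ts"], "src": ev["src"], "cmd": ev["cmd"], "reason": reason})
    return alerts


def sources_by_volume(lines):
    """Count affected-command calls per client address (the network indicator)."""
    counts = Counter()
    for line in lines:
        ev = parse_monitor_line(line)
        if ev is not None and ev["cmd"] in VULN_CMDS:
            counts[ev["src"]] += 1
    return counts


# Constructed MONITOR excerpt: one normal query, one oversized FILTER value,
# one query with far too many filter terms, an unrelated command, and a
# lower-case invocation that must still be recognised.
SAMPLE_LINES = [
    '1731000000.100000 [0 10.0.0.5:51234] "TS.MRANGE" "-" "+" "FILTER" "sensor=temp"',
    '1731000000.200000 [0 10.0.0.9:40001] "TS.MGET" "FILTER" "label=' + "A" * 1500 + '"',
    '1731000000.300000 [0 10.0.0.9:40001] "TS.QUERYINDEX" ' + " ".join(['"k=v"'] * 100),
    '1731000000.400000 [0 10.0.0.5:51234] "GET" "sensor:temp"',
    '1731000000.500000 [0 10.0.0.9:40001] "ts.mrevrange" "-" "+" "FILTER" "sensor=temp"',
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LINES):
        print("ALERT %s %s from %s: %s" % (a["ts"], a["cmd"], a["src"], a["reason"]))
    print(sources_by_volume(SAMPLE_LINES).most_common())
```

To run it on live traffic, replace SAMPLE_LINES with lines read from `redis-cli MONITOR` on stdin. MONITOR costs the server work per command and is meant for short investigations, not as a permanent audit log; for continuous coverage, feed the same parser from a proxy or client-side command log instead.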