CVE-2024-51737
📋 TL;DR
This CVE describes an integer overflow in RediSearch, the Redis module for secondary indexing and full-text search. An authenticated Redis user who is allowed to run FT.SEARCH or FT.AGGREGATE can pass crafted LIMIT or KNN arguments that overflow an integer, leading to a heap overflow and potentially remote code execution in the Redis process. Any Redis deployment that loads a vulnerable RediSearch version is affected.
💻 Affected Systems
- RediSearch
⚠️ Manual Verification Required
This CVE entry does not carry vendor version ranges, so automatic vulnerability detection cannot determine from the CVE record alone whether your system is affected.
Why? The CVE database entry does not specify which versions are vulnerable (no version ranges provided by the vendor/NVD). The vendor advisory linked under Official Fix does name the fixed releases (2.6.24, 2.8.21 and 2.10.10), so treat any earlier release in those branches as affected and confirm manually using the steps below.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the Redis process, potentially leading to complete system compromise, data exfiltration, or lateral movement.
Likely Case
Denial of service through Redis process crashes, with potential for information disclosure or limited code execution depending on exploit sophistication.
If Mitigated
With Redis running as an unprivileged, sandboxed process and network access limited to trusted clients, the realistic impact is a crash of the Redis process (denial of service) rather than full host compromise; the mitigations do not remove the memory-corruption bug itself.
🎯 Exploit Status
Exploitation requires authenticated access to Redis and knowledge of crafting specific command arguments. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.24, 2.8.21, or 2.10.10
Vendor Advisory: https://github.com/RediSearch/RediSearch/security/advisories/GHSA-p2pg-67m3-4c76
Restart Required: Yes. RediSearch registers its own data types, and Redis refuses MODULE UNLOAD for modules that export data types, so the patched module binary is only picked up when the Redis server is restarted (restart replicas first, then fail over and restart the primary, in replicated or clustered deployments).
Instructions:
1. Identify the currently loaded RediSearch version (MODULE LIST or INFO modules; see How to Verify below).
2. Install the patched build for your branch (2.6.24, 2.8.21 or 2.10.10) via your package manager or by replacing the module binary referenced by the loadmodule directive.
3. Restart each Redis server so the patched module is loaded, then confirm the new version with MODULE LIST.
🔧 Temporary Workarounds
Limit configuration parameters
Cap the number of results FT.SEARCH and FT.AGGREGATE may return, so that LIMIT values above the cap are rejected with an error instead of being processed. In RediSearch 2.x these are module parameters set with FT.CONFIG SET (or passed as loadmodule arguments at startup), not with the core Redis CONFIG SET command:
FT.CONFIG SET MAXSEARCHRESULTS 10000
FT.CONFIG SET MAXAGGREGATERESULTS 10000
This narrows only the LIMIT path described above; it does not cover the KNN argument, so treat it as a stopgap until the module is upgraded.
🧯 If You Can't Patch
- Restrict Redis network access to trusted sources only using firewall rules.
- Require authentication (requirepass or ACL users with strong passwords) and use Redis ACLs to grant FT.SEARCH and FT.AGGREGATE only to the identities that actually need them; ACL rules can allow or deny module commands by name. Run Redis as an unprivileged user so a successful exploit gains as little as possible.
🔍 How to Verify
Check if Vulnerable:
Determine the loaded RediSearch version with MODULE LIST or INFO modules. The module is registered under the name "search", and its "ver" field encodes the version as major*10000 + minor*100 + patch, so ver=20820 means 2.8.20. FT.INFO reports index metadata (definition, options, statistics), not the module version. Compare the decoded version against the fixed releases.
Check Version:
MODULE LIST
INFO modules
Verify Fix Applied:
Confirm the decoded version is 2.6.24, 2.8.21 or 2.10.10 or later within its branch (ver=20624, 20821 or 21010, or higher).
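The version check above, as an added worked example (this is not code from the original page or from the RediSearch project): it parses the text returned by INFO modules (for instance via redis-cli INFO modules), decodes the search module's ver field into major.minor.patch, and classifies the result against the fixed releases this advisory names. The INFO output below is constructed sample data; the branch table encodes only what this page states, so branches it does not mention (2.7.x, 2.9.x) come back as "unknown" rather than being guessed.

```python
import re

# Constructed sample of `INFO modules` output (not captured from a real server).
SAMPLE_INFO_MODULES = """\
# Modules
module:name=search,ver=20820,api=1,filters=0,usedby=[],using=[],options=[handle-io-errors]
module:name=ReJSON,ver=20609,api=1,filters=0,usedby=[search],using=[],options=[handle-io-errors]
"""

MODULE_LINE_RE = re.compile(r"^module:name=(?P<name>[^,]+),ver=(?P<ver>\d+)", re.MULTILINE)

# Fixed releases named in this advisory, keyed by (major, minor) branch.
FIXED_PATCH = {(2, 6): 24, (2, 8): 21, (2, 10): 10}
OLDEST_FIXED = (2, 6, 24)


def decode_module_version(ver):
    """RediSearch publishes its version as major*10000 + minor*100 + patch (20820 -> 2.8.20)."""
    return ver // 10000, (ver // 100) % 100, ver % 100


def search_module_version(info_text):
    """Return (major, minor, patch) of the loaded RediSearch module, or None if it is not loaded."""
    for m in MODULE_LINE_RE.finditer(info_text):
        if m.group("name").lower() == "search":
            return decode_module_version(int(m.group("ver")))
    return None


def assess(version):
    """Classify a RediSearch version against the fixed releases listed in this advisory."""
    major, minor, patch = version
    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is not None:
        return "patched" if patch >= fixed_patch else "vulnerable"
    if version < OLDEST_FIXED:
        return "vulnerable"   # older than the first fixed release, no fix exists in that branch
    if (major, minor) > (2, 10):
        return "patched"      # newer than the last branch listed on this page
    return "unknown"          # e.g. 2.7.x / 2.9.x: not covered by this page, check the vendor advisory


def assess_info(info_text):
    """End-to-end: raw INFO modules text in, verdict out."""
    version = search_module_version(info_text)
    return "not loaded" if version is None else assess(version)


if __name__ == "__main__":
    v = search_module_version(SAMPLE_INFO_MODULES)
    print("RediSearch %d.%d.%d: %s" % (*v, assess(v)))
```

Run it against the real output of INFO modules from each node; a result of "unknown" means the branch is not one this page lists and the vendor advisory should be consulted directly.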
📡 Detection & Monitoring
Log Indicators:
- FT.SEARCH or FT.AGGREGATE commands carrying unusually large or negative LIMIT values, or KNN clauses with a very large K. Redis does not log command arguments by default, so this requires a MONITOR capture, a command-logging proxy, or application-side logging of the queries sent.
- Redis process crashes (check the server log for crash reports) or abnormal memory-usage patterns coinciding with search queries.
Network Indicators:
- Network traffic containing FT.SEARCH or FT.AGGREGATE commands with suspicious arguments from untrusted sources
SIEM Query (pseudo-syntax; assumes the command name and its arguments have been extracted into fields from a MONITOR or proxy feed):
source="redis.logs" AND (command="FT.SEARCH" OR command="FT.AGGREGATE") AND ((argument="LIMIT" AND (value<0 OR value>10000)) OR (argument="KNN" AND value>10000))
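The detection logic above, as an added worked example (not code from the original page or from the RediSearch project), applied to Redis MONITOR output: it parses each line, extracts the argument vector of FT.SEARCH and FT.AGGREGATE calls, and flags LIMIT clauses that are negative, exceed a configurable cap, or whose offset plus count would not fit a signed 32-bit integer, as well as KNN clauses with an oversized K. The MONITOR lines are constructed sample data, the caps are arbitrary tuning values, and the 32-bit bound is a heuristic; this page does not state the exact arithmetic that overflows.

```python
import re

# Constructed sample of Redis MONITOR output (not captured from a real server).
SAMPLE_MONITOR = r'''
1716200000.000001 [0 10.0.0.5:51000] "FT.SEARCH" "idx" "hello" "LIMIT" "0" "10"
1716200000.000002 [0 10.0.0.5:51001] "FT.SEARCH" "idx" "*" "LIMIT" "0" "4294967295"
1716200000.000003 [0 10.0.0.9:51002] "FT.AGGREGATE" "idx" "*" "LIMIT" "2147483647" "2147483647"
1716200000.000004 [0 10.0.0.9:51003] "FT.SEARCH" "idx" "*=>[KNN 2147483647 @vec $BLOB]" "PARAMS" "2" "BLOB" "\x00\x01" "DIALECT" "2"
1716200000.000005 [0 10.0.0.5:51004] "GET" "key"
'''

# MONITOR line layout: <timestamp> [<db> <client>] "arg" "arg" ...
MONITOR_RE = re.compile(r'^(\d+\.\d+) \[(\d+) (\S+)\] (.*)$')
# Redis double-quotes every argument and backslash-escapes special bytes; escapes are kept as-is.
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
KNN_RE = re.compile(r'\bKNN\s+(\d+)', re.IGNORECASE)

SEARCH_COMMANDS = {"FT.SEARCH", "FT.AGGREGATE"}
INT32_MAX = 2**31 - 1  # heuristic bound only; the advisory does not state which integer overflows


def parse_monitor_line(line):
    """Split one MONITOR line into timestamp, db, client and argv; None if it is not a MONITOR line."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    ts, db, client, rest = m.groups()
    return {"ts": float(ts), "db": int(db), "client": client, "args": ARG_RE.findall(rest)}


def _to_int(token):
    try:
        return int(token)
    except ValueError:
        return None


def analyse_command(args, limit_cap=10_000, knn_cap=10_000):
    """Return the reasons an FT.SEARCH / FT.AGGREGATE argv looks abusive; [] for anything benign."""
    reasons = []
    if not args or args[0].upper() not in SEARCH_COMMANDS:
        return reasons
    # argv[1] is the index, argv[2] the query string; option keywords start at argv[3],
    # so a literal "LIMIT" inside the query text is not mistaken for the clause.
    for i in range(3, len(args)):
        if args[i].upper() == "LIMIT" and i + 2 < len(args):
            offset, num = _to_int(args[i + 1]), _to_int(args[i + 2])
            if offset is None or num is None:
                reasons.append("LIMIT with non-numeric argument")
                continue
            if offset < 0 or num < 0:
                reasons.append(f"negative LIMIT {offset} {num}")
            elif num > limit_cap:
                reasons.append(f"LIMIT count {num} exceeds cap {limit_cap}")
            if offset + num > INT32_MAX:
                reasons.append(f"LIMIT offset+count {offset + num} exceeds INT32_MAX")
    # For vector queries the KNN k lives inside the query string (argv[2]).
    if len(args) > 2:
        for k in KNN_RE.findall(args[2]):
            if int(k) > knn_cap:
                reasons.append(f"KNN k={k} exceeds cap {knn_cap}")
    return reasons


def scan_monitor_log(text, **caps):
    """Run analyse_command over every MONITOR line and collect the flagged commands."""
    findings = []
    for line in text.splitlines():
        rec = parse_monitor_line(line)
        if rec is None:
            continue
        reasons = analyse_command(rec["args"], **caps)
        if reasons:
            findings.append({"ts": rec["ts"], "client": rec["client"],
                             "command": rec["args"][0].upper(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_monitor_log(SAMPLE_MONITOR):
        print(f"{f['ts']:.6f} {f['client']} {f['command']}: {'; '.join(f['reasons'])}")
```

MONITOR itself has a measurable performance cost on a busy server, so in production feed the same parser from a short targeted capture or from a proxy that records commands, and tune the caps to match the MAXSEARCHRESULTS / MAXAGGREGATERESULTS values you actually run with.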