CVE-2024-55656
Published: 08 January 2025
Summary
CVE-2024-55656 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 5.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
RedisBloom, a module that extends Redis with probabilistic data structures such as Count-Min Sketch, is affected by an integer overflow vulnerability (CWE-190) in the CMS.INITBYDIM command. The flaw resides in NewCMSketch(), which accepts attacker-controlled width and depth values and performs an allocation that wraps around, resulting in a smaller heap buffer than intended and subsequent out-of-bounds memory access.
An authenticated Redis client that knows the module password can send a crafted CMS.INITBYDIM command over the network to trigger the overflow. Successful exploitation grants the ability to read and write beyond the allocated buffer, enabling information disclosure and arbitrary memory corruption with high impact on confidentiality, integrity, and availability.
The issue is fixed in RedisBloom releases 2.2.19, 2.4.12, 2.6.14, and 2.8.2, as stated in the project’s GitHub security advisory. The EPSS score has remained flat at 0.1311 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52837
Vulnerability details
RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap less than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in the CMS.INITBYDIM command, which initializes a Count-Min Sketch to dimensions specified by the user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2.
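To make the failure mode described in the Deeper analysis and Vulnerability details paragraphs concrete, here is an added C illustration (not RedisBloom's code; the sketch struct, the 32-bit counter type and the size cap are assumptions). It shows how a width times depth cell count computed in a too-narrow type wraps to a small allocation, beside the kind of dimension validation that NIST SI-10 calls for.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical Count-Min Sketch: width * depth counters in one heap array.
 * Layout and counter width are assumptions for this illustration. */
typedef struct {
    size_t width, depth;
    uint32_t *counters;
} CMSketch;

/* The bug class: a cell count computed in a 32-bit type wraps modulo 2^32,
 * so the allocation is far smaller than width * depth and later indexing
 * by (row, column) runs past the buffer (info leak / OOB write). */
uint32_t cms_cells_wrapping32(uint32_t width, uint32_t depth) {
    return width * depth;  /* e.g. 65536 * 65536 wraps to 0 */
}

/* Hardened input validation: reject zero dimensions, products that cannot be
 * represented in size_t, and totals above an assumed policy cap. */
#define CMS_MAX_CELLS ((size_t)1 << 30)   /* assumed limit, tune per deployment */

bool cms_dims_ok(size_t width, size_t depth, size_t *cells_out) {
    if (width == 0 || depth == 0) return false;
    if (width > SIZE_MAX / depth) return false;             /* width*depth would wrap */
    size_t cells = width * depth;
    if (cells > CMS_MAX_CELLS) return false;                /* policy cap */
    if (cells > SIZE_MAX / sizeof(uint32_t)) return false;  /* byte size would wrap */
    *cells_out = cells;
    return true;
}

/* Constructor that allocates only after the dimensions pass validation. */
CMSketch *cms_new_checked(size_t width, size_t depth) {
    size_t cells;
    if (!cms_dims_ok(width, depth, &cells)) return NULL;
    CMSketch *cms = calloc(1, sizeof *cms);
    if (!cms) return NULL;
    cms->counters = calloc(cells, sizeof *cms->counters);
    if (!cms->counters) { free(cms); return NULL; }
    cms->width = width;
    cms->depth = depth;
    return cms;
}

void cms_free(CMSketch *cms) {
    if (cms) { free(cms->counters); free(cms); }
}
```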
- CWE(s): CWE-190 (Integer Overflow or Wraparound)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Integer overflow enables remote exploitation of RedisBloom (public-facing Redis module) via CMS.INITBYDIM for memory corruption and RCE.
Mitigating Controls (NIST 800-53 r5)
Requires timely patching of the integer overflow flaw in RedisBloom's CMS.INITBYDIM command, directly eliminating the vulnerability as fixed in versions 2.2.19, 2.4.12, 2.6.14, and 2.8.2.
Validates user-supplied width and depth parameters to CMS.INITBYDIM, preventing integer overflow during heap memory allocation in NewCMSketch().
Implements memory safeguards like address space layout randomization and heap protections to mitigate exploitation of under-allocated heap memory leading to info leaks and OOB writes.