{"vulnerability": "CVE-2024-51737", "sightings": [{"uuid": "d7083c67-31cb-4797-a031-c7a66bc1ce32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113793458635380791", "content": "", "creation_timestamp": "2025-01-08T15:33:02.927532Z"}, {"uuid": "e1d1fbfe-4916-435e-8df7-31154f59403e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfakqomnvl2k", "content": "", "creation_timestamp": "2025-01-08T16:15:59.045626Z"}, {"uuid": "7348d17c-346a-4e0f-96c0-d8bde68ba07a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfamb57ze32e", "content": "", "creation_timestamp": "2025-01-08T16:43:07.807117Z"}, {"uuid": "d344c7fa-d351-4774-9bf2-95febb78b001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "seen", "source": "https://t.me/cvedetector/14694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51737 - RediSearch Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51737 \nPublished : Jan. 8, 2025, 4:15 p.m. | 43\u00a0minutes ago \nDescription : RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments. \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T18:19:14.000000Z"}, {"uuid": "738379db-3ef7-4941-a24f-0a4b0a2bf2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/730", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51737\n\ud83d\udd39 Description: RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.\n\ud83d\udccf Published: 2025-01-08T15:27:15.780Z\n\ud83d\udccf Modified: 2025-01-08T15:43:17.211Z\n\ud83d\udd17 References:\n1. https://github.com/RediSearch/RediSearch/security/advisories/GHSA-p2pg-67m3-4c76\n2. https://github.com/RediSearch/RediSearch/commit/13a2936d921dbe5a2e3c72653e0bd7b26af3a6cb", "creation_timestamp": "2025-01-08T16:21:50.000000Z"}]}