High severity7.0NVD Advisory· Published Jan 8, 2025· Updated Apr 15, 2026

CVE-2024-51480

Description

RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.

Patches

03924e04eeb3

https://github.com/redistimeseries/redistimeseriesvia osv

d956b4715f36

https://github.com/redistimeseries/redistimeseriesvia osv

22857975a1b0

https://github.com/redistimeseries/redistimeseriesvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/RedisTimeSeries/RedisTimeSeries/security/advisories/GHSA-73x6-fqww-x8rgnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000