High severity7.0NVD Advisory· Published Jan 8, 2025· Updated Apr 15, 2026

CVE-2024-51737

Description

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.

Patches

4700446acf8a

https://github.com/redisearch/redisearchvia osv

9b8f722c9111

https://github.com/redisearch/redisearchvia osv

c2482d231221

https://github.com/redisearch/redisearchvia osv

13a2936d921d

https://github.com/redisearch/redisearchvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000