Description

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-10-07T19:51:06.784Z

Last Modified :

2025-11-03T21:54:38.487Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-31228 vulnerability.

Vendors Products
Redhat
  • Discovery
  • Enterprise Linux
Redis
  • Redis
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-31228.

URL Resource
https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0 cve-icon cve-icon cve-icon
https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976 cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-31228 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-31228 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact