AZL-52011

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52011.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-52011

Upstream

CVE-2024-31228

Published

2024-10-07T20:15:05Z

Modified

2026-04-01T05:16:28.100450Z

Summary

CVE-2024-31228 affecting package valkey for versions less than 8.0.1-1

Details

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-31228

Affected packages

Azure Linux:3 / valkey

Package

Name: valkey
Purl: pkg:rpm/azure-linux/valkey

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52011.json"