BIT-valkey-2024-31228

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/valkey/BIT-valkey-2024-31228.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-valkey-2024-31228
Aliases
Published
2024-10-09T16:44:40.936Z
Modified
2024-10-09T17:27:01.680991Z
Summary
[none]
Details

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cpes": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / valkey

Package

Name
valkey
Purl
pkg:bitnami/valkey

Severity

  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.2.5
Fixed
6.2.16
Introduced
7.0.0
Fixed
7.2.6
Introduced
7.3.0
Fixed
7.4.1