CVE-2024-31228

Source
https://cve.org/CVERecord?id=CVE-2024-31228
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31228.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-31228
Published
2024-10-07T19:51:06.784Z
Modified
2026-03-17T07:12:09.543169Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Denial-of-service due to unbounded pattern matching in Redis
Details

Redis is an open source, in-memory database that persists on disk. An authenticated user can cause a denial of service by sending a specially crafted, very long glob-style match pattern to any command that accepts one, such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST and COMMAND LIST, or by placing such a pattern in an ACL definition. Matching an extremely long pattern can recurse without bound (CWE-674, uncontrolled recursion), overflowing the stack and crashing the server process, which takes down every client served by that instance. The problem is fixed in Redis 6.2.16, 7.2.6 and 7.4.1; users are advised to upgrade. There are no known workarounds for this vulnerability.
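To make the failure mode above concrete, here is an added illustration that is not Redis's code: a minimal recursive glob matcher supporting only '*' and '?', instrumented to report how deep its recursion goes, beside a variant that refuses to recurse past a fixed nesting cap. The cap value, the helper names and the constructed pattern/string inputs are assumptions made for this example, not details taken from the Redis patch.

```c
/* Added illustration (not Redis source): a minimal recursive glob matcher
 * that supports only '*' and '?', so the recursion behind CWE-674 is easy to
 * follow.  Each '*' is resolved by recursing on the rest of the pattern at
 * every possible split point of the string. */
#include <stdio.h>
#include <stdlib.h>

/* Nesting cap for the bounded variant.  The value is an assumption chosen for
 * this example; it is not taken from the Redis fix. */
#define MAX_STAR_NESTING 1000

/* Returns 1 on match, 0 on mismatch, -1 if max_nesting (> 0) was exceeded.
 * depth is the current recursion level; *max_depth records the high-water
 * mark so the caller can see how far the stack was pushed. */
static int glob_match(const char *pat, const char *str, int depth,
                      int *max_depth, int max_nesting)
{
    if (depth > *max_depth) *max_depth = depth;
    if (max_nesting > 0 && depth > max_nesting) return -1;   /* fail closed */

    while (*pat) {
        if (*pat == '*') {
            while (pat[1] == '*') pat++;          /* a run of '*' is one '*' */
            if (pat[1] == '\0') return 1;         /* trailing '*' matches all */
            for (const char *s = str; ; s++) {    /* try every split point */
                int r = glob_match(pat + 1, s, depth + 1, max_depth, max_nesting);
                if (r != 0) return r;             /* matched, or aborted */
                if (*s == '\0') return 0;         /* no split point worked */
            }
        }
        if (*pat == '?') {
            if (*str == '\0') return 0;           /* '?' needs one character */
        } else if (*pat != *str) {
            return 0;                             /* literal mismatch */
        }
        pat++;
        str++;
    }
    return *str == '\0';                          /* pattern consumed: match only at end */
}

/* Constructed input: n copies of "*a" as the pattern and n 'a's as the string.
 * Every '*' is followed by a literal, so none of them collapse. */
static int build_input(size_t n, char **pat_out, char **str_out)
{
    char *pat = malloc(2 * n + 1), *str = malloc(n + 1);
    if (!pat || !str) { free(pat); free(str); return 0; }
    for (size_t i = 0; i < n; i++) {
        pat[2 * i] = '*';
        pat[2 * i + 1] = 'a';
        str[i] = 'a';
    }
    pat[2 * n] = '\0';
    str[n] = '\0';
    *pat_out = pat;
    *str_out = str;
    return 1;
}

/* Deepest recursion level the unbounded matcher reaches for n '*' characters. */
int unbounded_depth(size_t n)
{
    char *pat, *str;
    int max_depth = 0;
    if (!build_input(n, &pat, &str)) return -1;
    glob_match(pat, str, 0, &max_depth, 0);
    free(pat);
    free(str);
    return max_depth;
}

/* Result of the bounded matcher for the same input: 1, 0, or -1 (aborted). */
int bounded_result(size_t n)
{
    char *pat, *str;
    int max_depth = 0, r;
    if (!build_input(n, &pat, &str)) return -1;
    r = glob_match(pat, str, 0, &max_depth, MAX_STAR_NESTING);
    free(pat);
    free(str);
    return r;
}

int main(void)
{
    printf("10 stars   -> max depth %d\n", unbounded_depth(10));
    printf("3000 stars -> max depth %d\n", unbounded_depth(3000));
    printf("bounded, 100 stars  -> %d\n", bounded_result(100));
    printf("bounded, 3000 stars -> %d\n", bounded_result(3000));
    return 0;
}
```

In this matcher every '*' that is followed by a literal adds one stack frame while a match is in progress, so the depth reached grows linearly with the pattern length and is limited only by the thread's stack; runs of consecutive '*' collapse and add nothing, which is why the constructed input alternates '*' and 'a'. The bounded variant returns -1 rather than a match result once the cap is hit, so a caller still has to decide whether to report that as "no match" or as an error.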

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31228.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-674"
    ]
}
Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Database specific
{
    "versions": [
        {
            "introduced": "2.2.5"
        },
        {
            "fixed": "6.2.16"
        }
    ]
}
Type
GIT
Repo
https://github.com/redis/redis
Database specific
{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.2.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "7.3.0"
        },
        {
            "fixed": "7.4.1"
        }
    ]
}
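The three ranges above are what a practitioner needs for an "is this node affected?" check. The following is an added example, not part of the OSV record or of Redis, that pulls the redis_version line out of an INFO server reply and tests it against exactly those ranges; the sample INFO text is constructed for the example and the function names are the example's own.

```c
/* Added example (not part of the OSV record or of Redis): apply the version
 * ranges listed in the record to a redis_version string, and extract that
 * string from an INFO server reply. */
#include <stdio.h>
#include <string.h>

struct ver { int major, minor, patch; };

/* The affected ranges as stated in the record: introduced <= v < fixed. */
static const struct { struct ver introduced, fixed; } affected_ranges[] = {
    { {2, 2, 5}, {6, 2, 16} },
    { {7, 0, 0}, {7, 2, 6}  },
    { {7, 3, 0}, {7, 4, 1}  },
};

/* Parses "major.minor[.patch]"; a suffix such as "-rc1" is ignored and a
 * missing patch number counts as 0.  Returns 1 on success, 0 on failure. */
int parse_version(const char *s, struct ver *v)
{
    v->major = v->minor = v->patch = 0;
    return sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch) >= 2;
}

static int ver_cmp(struct ver a, struct ver b)
{
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* 1 if version lies in any affected range, 0 if not, -1 if it cannot be parsed. */
int is_affected(const char *version)
{
    struct ver v;
    if (!parse_version(version, &v)) return -1;
    for (size_t i = 0; i < sizeof affected_ranges / sizeof affected_ranges[0]; i++) {
        if (ver_cmp(v, affected_ranges[i].introduced) >= 0 &&
            ver_cmp(v, affected_ranges[i].fixed) < 0)
            return 1;
    }
    return 0;
}

/* Copies the value of the "redis_version:" line of an INFO reply into out.
 * Returns 1 if the line was found and the value fits, else 0. */
int info_version(const char *info, char *out, size_t outlen)
{
    const char *key = "redis_version:";
    const char *p = strstr(info, key);
    if (!p) return 0;
    p += strlen(key);
    size_t n = strcspn(p, "\r\n");
    if (n >= outlen) return 0;
    memcpy(out, p, n);
    out[n] = '\0';
    return 1;
}

/* Constructed sample of the first lines of an INFO server reply. */
static const char sample_info[] =
    "# Server\r\n"
    "redis_version:7.2.5\r\n"
    "redis_git_sha1:00000000\r\n"
    "redis_mode:standalone\r\n";

/* Runs both steps on the constructed sample. */
int sample_is_affected(void)
{
    char v[32];
    if (!info_version(sample_info, v, sizeof v)) return -1;
    return is_affected(v);
}

int main(void)
{
    const char *probes[] = { "6.2.15", "6.2.16", "7.2.5", "7.2.6", "7.4-rc1", "7.4.0", "7.4.1" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-8s affected=%d\n", probes[i], is_affected(probes[i]));
    printf("sample INFO reply: affected=%d\n", sample_is_affected());
    return 0;
}
```

Two caveats follow from the record itself. The affected-versions list also names tags below 2.2.5 (the 1.3.x tags and the 2.2 pre-releases), which this check, following the three stated ranges, does not flag. Pre-release strings such as 7.4-rc1 parse as 7.4.0, which keeps them inside the 7.3.0 to 7.4.1 range, matching their presence in the list.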

Affected versions

1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
3.*
3.0-alpha0
7.*
7.4-rc1
7.4-rc2
7.4.0
v1.*
v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen
with-deprecated-diskstore
