Redis Vulnerability Security Update Advisory (CVE-2024-31449)

Oct 10 2024

Overview

An update has been released to address vulnerabilities in Redis. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-31449

Redis Server versions: ~ 2.6 (inclusive)

Resolved Vulnerabilities

A vulnerability that could allow an authenticated user to trigger a stack buffer overflow in the bit library using a specially crafted Lua script, leading to remote code execution (CVE-2024-31449)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-31449

Redis Server version: 6.2.16
Redis Server version: 7.2.6
Redis server version: 7.4.1

References

[1] CVE-2024-31449 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-31449

[2] Lua library commands may lead to stack overflow and potential RCE

https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5

[3] redis/commit

https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9

Redis Vulnerability Security Update Advisory (CVE-2024-31449)

Apple Family September 2024 1st Security Update Advisory

Google Android Family October 2024 Routine Security Update Advisory

Tags:

Apple Family September 2024 1st Security Update Advisory

Google Android Family October 2024 Routine Security Update Advisory