Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Tue, 08 Oct 2024 01:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 07 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Redis
Redis redis
CPEs cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
Vendors & Products Redis
Redis redis
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 07 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Title Lua library commands may lead to stack overflow and RCE in Redis
Weaknesses CWE-121
CWE-20
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-10-07T19:51:08.775Z

Updated: 2024-11-19T04:55:42.670Z

Reserved: 2024-04-03T17:55:32.646Z

Link: CVE-2024-31449

cve-icon Vulnrichment

Updated: 2024-10-07T20:22:54.425Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-07T20:15:05.507

Modified: 2024-10-10T12:57:21.987

Link: CVE-2024-31449

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-07T19:51:08Z

Links: CVE-2024-31449 - Bugzilla