CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0	Patch
https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis:7.4.0:-::::::
	cpe:2.3:a:redis:redis:7.4.0:rc1::::::
	cpe:2.3:a:redis:redis:7.4.0:rc2::::::

History

04 Sep 2025, 19:10

Type	Values Removed	Values Added
First Time		Redis Redis redis
CPE		cpe:2.3:a:redis:redis:7.4.0:rc1:::::: cpe:2.3:a:redis:redis:::::::: cpe:2.3:a:redis:redis:7.4.0:rc2:::::: cpe:2.3:a:redis:redis:7.4.0:-::::::
References	~~() https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0 -~~	() https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0 - Patch
References	~~() https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976 -~~	() https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976 - Vendor Advisory

Information

Published : 2024-10-07 20:15

Updated : 2025-09-04 19:10

NVD link : CVE-2024-31228

Mitre link : CVE-2024-31228

CVE.ORG link : CVE-2024-31228

JSON object : View

Products Affected

redis

redis

CWE

CWE-674

Uncontrolled Recursion

{"id": "CVE-2024-31228", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-07T20:15:05.277", "references": [{"url": "https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Redis es una base de datos de c\u00f3digo abierto en memoria que persiste en el disco. Los usuarios autenticados pueden desencadenar una denegaci\u00f3n de servicio mediante el uso de patrones de coincidencia de cadenas largas especialmente manipulados en comandos compatibles, como `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` y definiciones de ACL. La coincidencia de patrones extremadamente largos puede provocar una recursi\u00f3n sin l\u00edmites, lo que lleva a un desbordamiento de pila y un bloqueo del proceso. Este problema se ha solucionado en las versiones 6.2.16, 7.2.6 y 7.4.1 de Redis. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."}], "lastModified": "2025-09-04T19:10:33.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E164B843-88D9-4962-ABDF-DCB38EDF35F6", "versionEndExcluding": "6.2.16", "versionStartIncluding": "2.2.5"}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F8A45E4-57CF-4B05-B188-A75BBDF37822", "versionEndExcluding": "7.2.6", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:redis:redis:7.4.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C484C7C-4C3B-45F6-8DF5-84CFE5FF2717"}, {"criteria": "cpe:2.3:a:redis:redis:7.4.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14EE168F-747A-43EE-84B8-14C332A7F1CB"}, {"criteria": "cpe:2.3:a:redis:redis:7.4.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C983360E-DC98-4C5A-A088-7DCE273595A1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}