tencent cloud

Security Vulnerabilities CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228
Last updated: 2025-07-11 14:34:28
Recently, vulnerabilities CVE-2024-31449, CVE-2024-31228, and CVE-2024-31227 have been detected in Redis. TencentDB for Redis® has fixed these vulnerabilities. We recommend that you upgrade to the latest instance minor version promptly to ensure business security and stable operation.

Vulnerability Impact

CVE-2024-31449: Users who have authenticated with the AUTH command can use a specially crafted Lua script to trigger a stack buffer overflow in the bit library. This may cause a process crash and remote code execution.
CVE-2024-31227: Users who have authenticated with the AUTH command can create an invalid ACL selector and then use commands such as ACL LIST or ACL GETUSER to trigger an assertion failure. This causes the process to crash, resulting in denial of service (DoS).
CVE-2024-31228: Users who have authenticated with the AUTH command can create a specially crafted long string key in the database. They can then use commands that support string matching, such as KEYS or SCAN, with a specially crafted long match pattern to match extremely long strings. This may lead to infinite recursion that suspends the process, stack overflow, process crash, and DoS.
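To review command logs for the CVE-2024-31228 condition described above, the following added example (not Tencent Cloud's or Redis's own code) flags KEYS and SCAN calls that carry an unusually long match pattern. It assumes the log is in Redis MONITOR output format; the 1024-character threshold, the function names and the sample lines are constructed for illustration.

```python
import re

# Assumption: a match pattern longer than this deserves review; tune per workload.
MAX_PATTERN_LEN = 1024

# MONITOR line format: <unix time> [<db> <client addr>] "arg0" "arg1" ...
LINE_RE = re.compile(r'^(\d+\.\d+) \[(\d+) (\S+)\] (.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def match_pattern(args):
    """Return the glob pattern carried by a KEYS or SCAN call, or None."""
    cmd = args[0].upper() if args else ""
    if cmd == "KEYS" and len(args) >= 2:
        return args[1]
    if cmd == "SCAN":
        # SCAN cursor [MATCH pattern] [COUNT n] [TYPE t]: options may come in any order.
        for i in range(2, len(args) - 1):
            if args[i].upper() == "MATCH":
                return args[i + 1]
    return None


def flag_long_patterns(lines, limit=MAX_PATTERN_LEN):
    """Return one finding per KEYS/SCAN call whose pattern exceeds `limit`."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a MONITOR command line (for example the initial "OK")
        ts, _db, client, rest = m.groups()
        args = ARG_RE.findall(rest)
        pat = match_pattern(args)
        if pat is not None and len(pat) > limit:
            findings.append({"time": float(ts), "client": client,
                             "command": args[0].upper(), "pattern_len": len(pat)})
    return findings


# Constructed sample input: long runs of a plain letter stand in for a long pattern.
SAMPLE = [
    '1720000000.000001 [0 10.0.0.5:50122] "keys" "session:*"',
    '1720000001.000002 [0 10.0.0.9:41870] "scan" "0" "match" "' + "x" * 5000 + '*" "count" "100"',
    '1720000002.000003 [0 10.0.0.9:41870] "KEYS" "' + "y" * 2000 + '"',
    '1720000003.000004 [0 10.0.0.5:50122] "get" "' + "z" * 3000 + '"',
]

for finding in flag_long_patterns(SAMPLE):
    print(finding)
```

MONITOR adds load on a busy server, so capture a short window or feed the function from an existing audit log in the same format.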

Version Vulnerability Fixing Description

You can upgrade Redis instances to the minor versions shown in the table below to fix the security vulnerabilities. For detailed operations, see Upgrading Instance Version.
| Compatible Version | Minor Version | Update |
|---|---|---|
| Redis 7.0 | 7.0.20 | Fixed the security vulnerabilities CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228. |
| Redis 6.2 | 6.2.9 | Fixed the security vulnerabilities CVE-2024-31449 and CVE-2024-31228. |
| Redis 5.0 | 5.2.11 | Fixed the security vulnerabilities CVE-2024-31449 and CVE-2024-31228. |
| Redis 4.0 | 4.3.12 | Fixed the security vulnerabilities CVE-2024-31449 and CVE-2024-31228. |

Reference
