PT-2024-23868 · Redis+10 · Redis+10

Tomistripping · Published 2024-10-02 · Updated 2026-05-18 · CVE-2024-31228

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Redis versions prior to 6.2.16
Redis versions prior to 7.2.6
Redis versions prior to 7.4.1

Description

Redis, an open source, in-memory database, has a denial-of-service issue. Authenticated users can trigger this by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. The matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash.

Recommendations

For versions prior to 6.2.16, upgrade to version 6.2.16 or later.
For versions prior to 7.2.6, upgrade to version 7.2.6 or later.
For versions prior to 7.4.1, upgrade to version 7.4.1 or later.
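
The three thresholds above cannot be applied as a single "greater than" comparison: 7.4.0 sorts after 7.2.6 and is still affected. The following triage script is an added example, not part of the original advisory; it assumes each listed release is the fix for its own minor series and that any series newer than 7.4 already carries the fix. The function names and sample version strings are constructed for illustration.

```python
import re

# Fixed releases listed on this page, keyed by (major, minor) series.
# Assumption: each listed release is the fix for its own minor series.
FIXED = {(6, 2): (6, 2, 16), (7, 2): (7, 2, 6), (7, 4): (7, 4, 1)}


def parse_version(text):
    """Parse 'redis_version:7.2.5', 'v7.2.5' or '7.2.5' into a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(text):
    """Return (status, upgrade_target); status is 'fixed' or 'affected'."""
    ver = parse_version(text)
    series = ver[:2]
    if series in FIXED:
        fix = FIXED[series]
        if ver >= fix:
            return "fixed", None
        return "affected", ".".join(map(str, fix))
    if series > max(FIXED):
        # Assumption: series newer than the newest listed one carry the fix.
        return "fixed", None
    # Series with no listed fix (e.g. 7.0.x): point at the next listed release.
    target = min(f for s, f in FIXED.items() if s > series)
    return "affected", ".".join(map(str, target))


if __name__ == "__main__":
    # Constructed sample inventory, e.g. the redis_version line of INFO server.
    for line in ("redis_version:6.2.15", "redis_version:7.0.15",
                 "redis_version:7.2.6", "redis_version:7.4.0"):
        print(line, "->", assess(line))
```
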

Exploit

Fix

DoS

RCE

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALSA-2024:10869
ALSA-2024_10869
ALSA-2025:0595
ALSA-2025:0693
ALSA-2025_16880
ALT-PU-2024-16804
ALT-PU-2024-16947
ALT-PU-2025-11673
ALT-PU-2025-13204
ALT-PU-2025-1404
ALT-PU-2025-1408
AZL-50154
AZL-52011
BDU:2024-09249
BIT-KEYDB-2024-31228
BIT-REDIS-2024-31228
BIT-VALKEY-2024-31228
CESA-2025_0595
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-AY29369
CLEANSTART-2026-BX37171
CLEANSTART-2026-BZ70876
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CQ83284
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CLEANSTART-2026-YP32652
CVE-2024-31228
DLA-3973-1
GHSA-66GQ-C942-6976
INFSA-2024_10869
INFSA-2025_0595
INFSA-2025_0693
MGASA-2024-0340
OESA-2024-2230
OESA-2024-2269
OESA-2024-2270
OESA-2024-2271
OESA-2024-2272
OPENSUSE-SU-2024:14412-1
OPENSUSE-SU-2024_3535-1
OPENSUSE-SU-2024_3537-1
OPENSUSE-SU-2024_3549-1
OPENSUSE-SU-2024_3575-1
OPENSUSE-SU-2025:15293-1
RHSA-2024:10869
RHSA-2024_10869
RHSA-2025:0595
RHSA-2025:0693
RHSA-2025_0595
RHSA-2025_0693
RLSA-2025:0595
RLSA-2025:0693
SUSE-SU-2024:3535-1
SUSE-SU-2024:3537-1
SUSE-SU-2024:3549-1
SUSE-SU-2024:3575-1
SUSE-SU-2024_3575-1
SUSE-SU-2025:0081-1
SUSE-SU-2025_0081-1
USN-7321-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Redis
Rocky Linux
Suse
Ubuntu