PT-2024-6632 · Redis+11

Ankki-Zsyang · Published 2024-10-02 · Updated 2026-04-19 · CVE-2024-31449

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Redis versions prior to 6.2.16, prior to 7.2.6, and prior to 7.4.1. Redis versions 6.2.16-alt1, 6.2.17-alt1, 7.2.10-alt1, 7.2.11-alt1.

Description

Redis is an in-memory database. An authenticated user can use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, potentially leading to remote code execution. The vulnerability exists in all versions of Redis with Lua scripting enabled. There are no known workarounds for this issue.

Recommendations

Upgrade Redis to version 6.2.16 or later. Upgrade Redis to version 7.2.6 or later. Upgrade Redis to version 7.4.1 or later. Upgrade Redis to version 6.2.16-alt1. Upgrade Redis to version 6.2.17-alt1. Upgrade Redis to version 7.2.10-alt1. Upgrade Redis to version 7.2.11-alt1.

Exploit · Fix · RCE · Stack Overflow

Related Identifiers

ALSA-2024:10869
ALSA-2024_10869
ALSA-2025:0595
ALSA-2025:0693
ALSA-2025_16880
ALT-PU-2024-16804
ALT-PU-2024-16947
ALT-PU-2025-11673
ALT-PU-2025-13204
ALT-PU-2025-1404
ALT-PU-2025-1408
BDU:2024-07792
BIT-KEYDB-2024-31449
BIT-REDIS-2024-31449
BIT-VALKEY-2024-31449
CESA-2025_0595
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-AY29369
CLEANSTART-2026-BX37171
CLEANSTART-2026-BZ70876
CLEANSTART-2026-CQ83284
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CLEANSTART-2026-YP32652
CVE-2024-31449
GHSA-WHXG-WX83-85P5
INFSA-2024_10869
INFSA-2025_0595
INFSA-2025_0693
MGASA-2024-0340
OESA-2024-2230
OESA-2024-2269
OESA-2024-2270
OESA-2024-2271
OESA-2024-2272
OPENSUSE-SU-2024:14412-1
OPENSUSE-SU-2024_3535-1
OPENSUSE-SU-2024_3537-1
OPENSUSE-SU-2024_3549-1
OPENSUSE-SU-2024_3575-1
OPENSUSE-SU-2025:15293-1
RHSA-2024:10869
RHSA-2024_10869
RHSA-2025:0595
RHSA-2025:0693
RHSA-2025_0595
RHSA-2025_0693
RLSA-2025:0595
RLSA-2025:0693
SUSE-SU-2024:3535-1
SUSE-SU-2024:3537-1
SUSE-SU-2024:3549-1
SUSE-SU-2024:3575-1
SUSE-SU-2025:0081-1
USN-8169-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Redis
Rocky Linux
SUSE
Ubuntu