CVE-2024-31449

Scores

EPSS

0.582medium58.2%

0%20%40%60%80%100%

Percentile: 58.2%

CVSS

7.0high3.x

0246810

CVSS Score: 7.0/10

All CVSS Scores

CVSS 3.x

7.0

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

anchore_overridesdebiannvdredhatubuntu

CWEs

CWE-20

Related Vulnerabilities

BDU:2024-07792

Exploits

Exploit ID: CVE-2024-31449

Source: github-poc

URL: https://github.com/daeseong1209/CVE-2024-31449

Vulnerable Software (16)

Type: Configuration

Operating System:

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",          "versionEndExcluding": "6.2.16",          "versionStartIncluding": "2.6...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",          "versionEndExcluding": "6.2.16",          "versionStartIncluding": "2.6"        },        {          "cpe23uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.2.6",          "versionStartIncluding": "7.0.0"        },        {          "cpe23uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.4.1",          "versionStartIncluding": "7.3.0"        }      ],      "negate": false,      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",          "versionEndExcluding": "6.2.16",          "versionStartIncluding": "2.6"        },        {          "cpe23uri": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.2.6",          "versionStartIncluding": "7.0.0"        },        {          "cpe23uri": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.4.1",          "versionStartIncluding": "7.3.0"        }      ],      "negate": false,      "operator": "OR"    }  ],  "operator": "OR"}

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:lfprojects:valkey:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.2.7"        },        {          "cpe...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:lfprojects:valkey:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.2.7"        },        {          "cpe23uri": "cpe:2.3:a:lfprojects:valkey:*:*:*:*:*:*:*:*",          "versionEndExcluding": "8.0.1",          "versionStartIncluding": "8.0.0-rc1"        }      ],      "negate": false,      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:linuxfoundation:valkey:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.2.7"        },        {          "cpe23uri": "cpe:2.3:a:linuxfoundation:valkey:*:*:*:*:*:*:*:*",          "versionEndExcluding": "8.0.1",          "versionStartIncluding": "8.0.0-rc1"        }      ],      "negate": false,      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:valkey-io:valkey:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.2.7"        },        {          "cpe23uri": "cpe:2.3:a:valkey-io:valkey:*:*:*:*:*:*:*:*",          "versionEndExcluding": "8.0.1",          "versionStartIncluding": "8.0.0-rc1"        }      ],      "negate": false,      "operator": "OR"    }  ],  "operator": "OR"}

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:redict:redict:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.3.1"        }      ],      "negate": fals...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:redict:redict:*:*:*:*:*:*:*:*",          "versionEndExcluding": "7.3.1"        }      ],      "negate": false,      "operator": "OR"    }  ],  "operator": "OR"}

Source: anchore_overrides

Type: Configuration

Product: redict

Operating System: debian

Trait:

{  "fixed": "7.3.1+ds-1"}

Source: debian

Type: Configuration

Product: redis

Operating System: rhel

Trait:

{  "fixed": "7-9050020241104103753.9"}

Source: redhat

Type: Configuration

Product: redis

Operating System: debian

Trait:

{  "fixed": "5:7.0.15-2"}

Source: debian

Type: Configuration

Product: redis

Operating System: debian bookworm 12

Trait:

{  "fixed": "5:7.0.15-1~deb12u2"}

Source: debian

Type: Configuration

Product: redis

Operating System: debian bullseye 11

Trait:

{  "unfixed": true}

Source: debian

Type: Configuration

Product: redis

Operating System: ubuntu focal 20.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: redis

Operating System: ubuntu jammy 22.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: redis

Operating System: ubuntu noble 24.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: redis

Operating System: ubuntu oracular 24.10

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: redis

Operating System: ubuntu plucky 25.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: redis

Operating System: ubuntu questing 25.10

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: valkey

Operating System: debian

Trait:

{  "fixed": "8.0.1+dfsg1-1"}

Source: debian

Type: Configuration

Vendor: *

Product: redis

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",      "versionEndExcluding": "6.2.16",      "versionStartIncluding": "2.8.18",      "vulnerable": true    },    ...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",      "versionEndExcluding": "6.2.16",      "versionStartIncluding": "2.8.18",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",      "versionEndExcluding": "7.2.6",      "versionStartIncluding": "7.2.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redis:redis:7.4.0:-:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redis:redis:7.4.0:rc1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redis:redis:7.4.0:rc2:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2024-31449

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (16)