- Description: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7
- Impact score: 5.9
- Exploitability score: 1
- Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security-advisories@github.com: CWE-121
- Hype score: Not currently trending
Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability https://t.co/LYHEGfKJIo
@Dinosn
18 Nov 2024
3337 Impressions
20 Retweets
48 Likes
7 Bookmarks
0 Replies
0 Quotes
Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability https://t.co/8j6W51jXyL
@_r_netsec
18 Nov 2024
1522 Impressions
4 Retweets
15 Likes
6 Bookmarks
0 Replies
0 Quotes