CVE-2024-31228
📋 TL;DR
Authenticated Redis users can cause denial-of-service by using specially crafted long string patterns in commands like KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. This triggers unbounded recursion leading to stack overflow and process crashes. All Redis deployments with authenticated users are affected.
💻 Affected Systems
- Redis
📦 What is this software?
Redis by Redis
⚠️ Risk & Real-World Impact
Worst Case
Complete Redis service crash requiring manual restart, causing application downtime and potential data loss if persistence is interrupted.
Likely Case
Service disruption and downtime until Redis is manually restarted, affecting dependent applications.
If Mitigated
Minimal impact if Redis is behind authentication and access is restricted to trusted users only.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of vulnerable commands with long patterns.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.2.16, 7.2.6, or 7.4.1
Vendor Advisory: https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976
Restart Required: Yes
Instructions:
1. Identify the Redis version with 'redis-server --version'.
2. Back up Redis data and configuration.
3. Stop the Redis service.
4. Upgrade to a patched version via the package manager or by source compilation.
5. Restart the Redis service.
6. Verify the version and functionality.
🔧 Temporary Workarounds
No known workarounds
The vulnerability description states there are no known workarounds.
🧯 If You Can't Patch
- Restrict Redis access to trusted authenticated users only using network segmentation and strict authentication controls.
- Monitor Redis logs for patterns of excessive command usage or crashes and implement rate limiting on Redis commands if possible.
🔍 How to Verify
Check if Vulnerable:
Check the Redis version with 'redis-server --version' or 'redis-cli info server | grep redis_version'. If the installed version is earlier than the fixed release for its branch (6.2.16, 7.2.6, or 7.4.1), it is vulnerable.
Check Version:
redis-server --version
Verify Fix Applied:
After patching, verify that the version is 6.2.16, 7.2.6, 7.4.1 or later using 'redis-server --version'.
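The version check above, as an added example that is not part of the advisory: it parses the output of 'redis-server --version' or the 'redis_version:' line from 'redis-cli info server' and compares against the fixed release of the matching branch. It assumes versions have the form M.m.p and treats branches without a listed fix (e.g. 7.0.x) as vulnerable unless newer than 7.4.1.

```shell
#!/bin/sh
# Added example, not part of the advisory: branch-aware version check for
# CVE-2024-31228. Fixed releases from the advisory: 6.2.16, 7.2.6, 7.4.1.

# Pull "M.m.p" out of either `redis-server --version` output
# ("Redis server v=7.2.5 sha=... bits=64 ...") or the
# `redis-cli info server` line "redis_version:7.2.5".
parse_version() {
  printf '%s\n' "$1" | sed -n \
    -e 's/.*[[:space:]]v=\([0-9][0-9.]*\).*/\1/p' \
    -e 's/^redis_version:\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Map a dotted version to one integer (missing fields count as 0,
# so "7.2" sorts as "7.2.0"). Assumes each field is below 1000.
version_key() {
  v="$1.0.0"
  maj=${v%%.*}; r=${v#*.}; min=${r%%.*}; r=${r#*.}; pat=${r%%.*}
  echo $(( maj * 1000000 + min * 1000 + pat ))
}

# True (exit 0) if $1 is numerically lower than $2.
version_lt() { [ "$(version_key "$1")" -lt "$(version_key "$2")" ]; }

# True (exit 0) if the given Redis version is still exposed to the bug.
# A fix exists on the 6.2, 7.2 and 7.4 branches; any other branch is
# treated as fixed only if it is newer than 7.4.1 ("7.4.1 or later"),
# so e.g. 7.0.x and 6.0.x are reported as vulnerable.
is_vulnerable() {
  case "$1" in
    6.2.*) fixed=6.2.16 ;;
    7.2.*) fixed=7.2.6 ;;
    *)     fixed=7.4.1 ;;
  esac
  version_lt "$1" "$fixed"
}

# Stand-alone use: check the local redis-server, if one is installed.
if command -v redis-server >/dev/null 2>&1; then
  ver=$(parse_version "$(redis-server --version)")
  if [ -n "$ver" ] && is_vulnerable "$ver"; then
    echo "Redis $ver: vulnerable to CVE-2024-31228, upgrade and restart"
  elif [ -n "$ver" ]; then
    echo "Redis $ver: at or above the fixed release"
  fi
fi
```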
📡 Detection & Monitoring
Log Indicators:
- Redis process crashes
- Stack overflow errors in Redis logs
- Unusual patterns of KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST commands with long strings
Network Indicators:
- Sudden drop in Redis service availability
- Increased authentication attempts followed by command patterns
SIEM Query:
source="redis.log" AND ("stack overflow" OR "crash" OR "segmentation fault")