CVE-2024-31449

7.0 HIGH

📋 TL;DR

This vulnerability allows authenticated Redis users to trigger a stack buffer overflow via specially crafted Lua scripts, potentially leading to remote code execution. All Redis installations with Lua scripting enabled are affected. The vulnerability exists in the bit library of Redis's Lua implementation.

💻 Affected Systems

Products:
  • Redis
Versions: All versions before 6.2.16, 7.2.6, and 7.4.1
Operating Systems: All operating systems running Redis
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Lua scripting enabled (default) and authenticated user access.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Authenticated attacker gains remote code execution with Redis process privileges, potentially leading to full system compromise.

🟠 Likely Case: Denial of service through a Redis crash, or limited code execution within the Redis process context.

🟢 If Mitigated: No impact if Redis is patched or if Lua scripting is disabled for untrusted users.

🌐 Internet-Facing: HIGH - Internet-facing Redis instances with authentication enabled are directly exploitable by authenticated attackers.
🏢 Internal Only: MEDIUM - Internal Redis instances still vulnerable to authenticated users, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and Lua script execution privileges. Exploit requires crafting specific bit operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.2.16, 7.2.6, or 7.4.1

Vendor Advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5

Restart Required: Yes

Instructions:

1. Identify the current Redis version.
2. Back up Redis data.
3. Stop the Redis service.
4. Install the patched version (6.2.16, 7.2.6, or 7.4.1).
5. Start the Redis service.
6. Verify the version and functionality.

🔧 Temporary Workarounds

Disable Lua scripting for untrusted users

all

Remove EVAL command execution privileges from untrusted Redis users. Because -@all strips every command before the read and write categories are re-added, this ACL also withholds EVALSHA, SCRIPT and (where present) the FUNCTION/FCALL commands, all of which sit in the @scripting category; the trailing -eval is explicit but redundant.

redis-cli ACL SETUSER <username> -@all +@read +@write -eval

🧯 If You Can't Patch

  • Restrict Redis access to trusted networks only using firewall rules
  • Implement strict Redis ACLs to limit Lua script execution to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check the Redis version: if it is below 6.2.16, 7.2.6, or 7.4.1, the system is vulnerable.

Check Version:

redis-cli --version

Note that redis-cli --version reports the version of the client binary, which can differ from the server's when the two were installed separately; confirm the server's own version with redis-server --version or the redis_version field of redis-cli INFO server.

Verify Fix Applied:

Confirm the Redis version is 6.2.16, 7.2.6, or 7.4.1 or higher after patching.
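As an added check for the version guidance above (example code, not part of this advisory or the Redis project), the script below parses the redis_version field from INFO server output and classifies it against the fixed releases named here. It assumes that releases newer than 7.4.1 carry the fix and that branches with no fixed release listed (5.x, 6.0.x, 7.0.x) are vulnerable; the SAMPLE_INFO block is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not Redis project code): classify a Redis server version
# against the fixed releases this advisory names: 6.2.16, 7.2.6 and 7.4.1.
# Assumptions: releases newer than 7.4.1 (7.4.x, 8.x, ...) include the fix;
# branches with no fixed release listed (5.x, 6.0.x, 7.0.x) are treated as
# vulnerable; input that is not MAJOR.MINOR.PATCH is reported as "unknown".

# Usage: redis_version_status MAJOR.MINOR.PATCH -> prints fixed | vulnerable | unknown
redis_version_status() {
    ver=$1
    case "$ver" in
        *.*.*) ;;
        *) echo unknown; return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}          # strip a suffix such as "-rc1"
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 2 ;; esac
    done
    if [ "$major" -eq 6 ] && [ "$minor" -eq 2 ] && [ "$patch" -ge 16 ]; then
        echo fixed                    # 6.2 branch fixed at 6.2.16
    elif [ "$major" -eq 7 ] && [ "$minor" -eq 2 ] && [ "$patch" -ge 6 ]; then
        echo fixed                    # 7.2 branch fixed at 7.2.6
    elif [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -gt 4 ]; } ||
         { [ "$major" -eq 7 ] && [ "$minor" -eq 4 ] && [ "$patch" -ge 1 ]; }; then
        echo fixed                    # 7.4.1 and everything after it
    else
        echo vulnerable
    fi
}

# Pull redis_version out of "redis-cli INFO server" output, which is a set of
# CRLF-terminated key:value lines. Takes the text as an argument so it can be
# run offline; against a live server pass "$(redis-cli -h HOST INFO server)".
redis_version_from_info() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^redis_version:\(.*\)$/\1/p'
}

# Constructed sample of the INFO server section (not captured from a real host).
SAMPLE_INFO='# Server
redis_version:7.2.5
redis_mode:standalone
os:Linux 6.1.0 x86_64'

sample_ver=$(redis_version_from_info "$SAMPLE_INFO")
echo "sample server $sample_ver: $(redis_version_status "$sample_ver")"
```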

📡 Detection & Monitoring

Log Indicators:

  • Unusual Lua script execution patterns
  • Redis crashes or abnormal terminations
  • Large number of bit operation commands

Network Indicators:

  • Unusual EVAL command usage from untrusted sources
  • Multiple failed Lua script executions

SIEM Query:

source="redis" AND (command="EVAL" OR command="EVALSHA") AND user!="trusted_user"
