TencentDB for Redis®
- Release Notes and Announcements
- Product Introduction
- Product Series
- Purchase Guide
- Getting Started
- Operation Guide
- Access Management
- SDK Connection
- Daily Instance Operation
- Upgrading Redis Edition Instances
- Managing Redis Edition Nodes
- Multi-AZ Deployment Management
- Backup and Restoration
- Downloading Redis Edition Backups
- Data Migration for Redis Edition Instances
- Account and Password (Redis Edition)
- Parameter Configuration
- Redis Parameter Operations
- Network and Security
- Monitoring and Alarms
- Redis Edition Event Management
- Global Replication for Redis Edition
- Performance Optimization
- Development Guidelines
- Connection Pool Configuration
- Command Reference
- Commands Supported by Different Versions
- Additional Command Operations in the Redis Edition
- Troubleshooting
- Connection Exception
- Performance Troubleshooting and Fine-Tuning
- Practical Tutorial
- API Documentation
- Making API Requests
- Instance APIs
- Parameter Management APIs
- Other APIs
- Backup and Restoration APIs
- Monitoring and Management APIs
- Service Agreement
DocumentationTencentDB for Redis®Release Notes and AnnouncementsAnnouncementsSecurity Vulnerabilities CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228
Security Vulnerabilities CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228
Last updated: 2024-11-25 15:05:06
Security Vulnerabilities CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228
Last updated: 2024-11-25 15:05:06
The official Redis announcement highlights severe security vulnerabilities in versions 6.2 and 7.2: CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228. TencentDB for Redis ® has already addressed these vulnerabilities. It is strongly recommended that you upgrade to the latest minor version of your instance as soon as possible to ensure the security and stability of your business operations.
Vulnerability Details
CVE-2024-31449: A stack overflow vulnerability causes the process to access illegal memory, impacting Redis versions 4.0, 5.0, 6.2, and 7.0.
CVE-2024-31227: Inadequate parameter validation allows the creation of an illegal ACL selector, leading to assertion failures and process crashes. This affects Redis version 7.0.
CVE-2024-31228: A specially crafted long string match pattern may cause infinite recursion, resulting in stack overflow and process crashes. This affects Redis versions 4.0, 5.0, 6.2, and 7.0.
Recommended Operations
Upgrade your Redis instance to the latest minor version. For detailed steps, see Upgrade Redis Version Instance.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No