Security Vulnerabilities CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228
Last updated: 2024-11-25 15:05:06
The official Redis announcement highlights severe security vulnerabilities in versions 6.2 and 7.2: CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228. TencentDB for Redis® has already addressed these vulnerabilities. It is strongly recommended that you upgrade to the latest minor version of your instance as soon as possible to ensure the security and stability of your business operations.

Vulnerability Details

CVE-2024-31449: A stack overflow vulnerability causes the process to access illegal memory, impacting Redis versions 4.0, 5.0, 6.2, and 7.0.
CVE-2024-31227: Inadequate parameter validation allows the creation of an illegal ACL selector, leading to assertion failures and process crashes. This affects Redis version 7.0.
CVE-2024-31228: A specially crafted long string match pattern may cause infinite recursion, resulting in stack overflow and process crashes. This affects Redis versions 4.0, 5.0, 6.2, and 7.0.
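
To illustrate the failure class behind CVE-2024-31228, the following added example (not Redis or TencentDB code) is a minimal glob matcher for `*`, `?` and literals whose recursion depth is capped, so an over-deep pattern is rejected instead of exhausting the stack. The names `glob_match` and `GLOB_MAX_DEPTH`, and the cap value 64, are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define GLOB_MAX_DEPTH 64  /* assumed cap for this example, not a Redis value */

enum { GLOB_NOMATCH = 0, GLOB_MATCH = 1, GLOB_TOO_DEEP = -1 };

/* Recursive matcher. Every '*' that is followed by more pattern costs one
 * recursion level, so without the depth check the stack use would be
 * controlled by whoever supplies the pattern. */
static int glob_rec(const char *p, size_t plen,
                    const char *s, size_t slen, int depth)
{
    if (depth > GLOB_MAX_DEPTH)
        return GLOB_TOO_DEEP;               /* fail closed, do not recurse */
    while (plen > 0) {
        if (*p == '*') {
            /* Collapse a run of '*' into one: no recursion needed for it. */
            while (plen > 1 && p[1] == '*') { p++; plen--; }
            if (plen == 1)
                return GLOB_MATCH;          /* trailing '*' matches the rest */
            for (;;) {                      /* try each split point */
                int r = glob_rec(p + 1, plen - 1, s, slen, depth + 1);
                if (r != GLOB_NOMATCH)
                    return r;               /* match, or depth error propagated */
                if (slen == 0)
                    return GLOB_NOMATCH;
                s++; slen--;
            }
        }
        if (slen == 0)
            return GLOB_NOMATCH;
        if (*p != '?' && *p != *s)
            return GLOB_NOMATCH;
        p++; plen--; s++; slen--;
    }
    return slen == 0 ? GLOB_MATCH : GLOB_NOMATCH;
}

/* Public entry point: returns GLOB_MATCH, GLOB_NOMATCH or GLOB_TOO_DEEP. */
int glob_match(const char *pattern, const char *string)
{
    return glob_rec(pattern, strlen(pattern), string, strlen(string), 0);
}
```

A caller should treat `GLOB_TOO_DEEP` as a rejected request and log it, rather than as an ordinary non-match.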

Recommended Operations

Upgrade your Redis instance to the latest minor version. For detailed steps, see Upgrade Redis Version Instance.