The official Redis announcement highlights severe security vulnerabilities in versions 6.2 and 7.2: CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228. TencentDB for Redis® has already addressed these vulnerabilities. It is strongly recommended that you upgrade your instance to the latest minor version as soon as possible to ensure the security and stability of your business operations.
Vulnerability Details
CVE-2024-31449: A stack overflow vulnerability can cause the process to access invalid memory. This affects Redis versions 4.0, 5.0, 6.2, and 7.0.
CVE-2024-31227: Inadequate parameter validation allows the creation of an invalid ACL selector, leading to an assertion failure and a process crash. This affects Redis version 7.0.
CVE-2024-31228: A specially crafted long string match pattern may cause unbounded recursion, resulting in a stack overflow and a process crash. This affects Redis versions 4.0, 5.0, 6.2, and 7.0.