Unrated severityNVD Advisory· Published Oct 7, 2024· Updated Nov 3, 2025

Denial-of-service due to unbounded pattern matching in Redis

CVE-2024-31228

Description

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

osv-coords47 versions
pkg:apk/chainguard/py3.10-redis pkg:apk/chainguard/py3.11-redis pkg:apk/chainguard/py3.12-redis pkg:apk/chainguard/py3.13-redis pkg:apk/chainguard/py3-redis pkg:apk/chainguard/redis-6.2 pkg:apk/chainguard/redis-6.2-bitnami-compat pkg:apk/chainguard/redis-7.2 pkg:apk/chainguard/redis-7.2-iamguarded-compat pkg:apk/chainguard/redis-7.4 pkg:apk/chainguard/redis-benchmark-6.2 pkg:apk/chainguard/redis-benchmark-7.2 pkg:apk/chainguard/redis-cli-6.2 pkg:apk/chainguard/redis-cli-7.2 pkg:apk/chainguard/redis-cluster-6.2-bitnami-compat pkg:apk/chainguard/redis-cluster-7.2-iamguarded-compat pkg:apk/chainguard/redis-sentinel-6.2-bitnami-compat pkg:apk/chainguard/redis-sentinel-7.2-iamguarded-compat pkg:apk/wolfi/redis-6.2 pkg:apk/wolfi/redis-7.2 pkg:apk/wolfi/redis-7.4 pkg:apk/wolfi/redis-benchmark-7.2 pkg:apk/wolfi/redis-cli-7.2 pkg:bitnami/keydb pkg:bitnami/redis pkg:bitnami/valkey pkg:rpm/almalinux/redis pkg:rpm/almalinux/redis-devel pkg:rpm/almalinux/redis-doc pkg:rpm/opensuse/redis7&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/redis7&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/redis&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/redis&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/redis&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/redis&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/redis&distro=SUSE%20Manager%20Server%204.3
< 0+ 46 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 6.2.16-r0
- (no CPE)range: < 6.2.16-r0
- (no CPE)range: < 7.2.6-r0
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 7.4.1-r0
- (no CPE)range: < 6.2.16-r0
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 6.2.16-r0
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 6.2.16-r0
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 6.2.16-r0
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 6.2.16-r0
- (no CPE)range: < 7.2.6-r0
- (no CPE)range: < 7.4.1-r0
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: >= 2.2.5, < 6.3.4
- (no CPE)range: >= 2.2.5, < 6.2.16
- (no CPE)range: < 7.2.7
- (no CPE)range: < 7.2.6-1.module_el9.5.0+130+36ae7635
- (no CPE)range: < 7.2.6-1.module_el9.5.0+130+36ae7635
- (no CPE)range: < 7.2.6-1.module_el9.5.0+130+36ae7635
- (no CPE)range: < 7.0.8-150500.3.12.1
- (no CPE)range: < 7.0.8-150600.8.3.1
- (no CPE)range: < 6.2.6-150400.3.28.1
- (no CPE)range: < 7.2.4-150600.3.3.1
- (no CPE)range: < 7.0.8-150500.3.12.1
- (no CPE)range: < 7.0.8-150600.8.3.1
- (no CPE)range: < 6.0.14-150200.6.32.1
- (no CPE)range: < 6.0.14-150200.6.32.1
- (no CPE)range: < 6.2.6-150400.3.28.1
- (no CPE)range: < 6.2.6-150400.3.28.1
- (no CPE)range: < 6.2.6-150400.3.28.1
- (no CPE)range: < 7.2.4-150600.3.3.1
- (no CPE)range: < 6.0.14-150200.6.32.1
- (no CPE)range: < 6.2.6-150400.3.28.1
- (no CPE)range: < 6.0.14-150200.6.32.1
- (no CPE)range: < 6.2.6-150400.3.28.1
- (no CPE)range: < 6.2.6-150400.3.28.1
- (no CPE)range: < 6.2.6-150400.3.28.1
Redis/Redisv5
Range: >= 2.2.5, < 6.2.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0mitrex_refsource_MISC
github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000