Tencent Cloud Distributed Cache (Redis OSS-Compatible)
Security Vulnerabilities CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228

Last updated: 2025-07-11 14:34:28
Vulnerabilities CVE-2024-31449, CVE-2024-31228, and CVE-2024-31227 have recently been disclosed in Redis. TencentDB for Redis® has fixed these vulnerabilities. Upgrade to the latest instance minor version promptly to keep your business secure and running stably. All three issues require the attacker to authenticate to the instance first, so limiting which clients can reach the instance and which accounts they use reduces exposure until the upgrade is applied, but it is not a substitute for upgrading.

Vulnerability Impact

CVE-2024-31449: Users who have authenticated with the AUTH command can run a specially crafted Lua script that triggers a stack buffer overflow in the Lua bit library. This can crash the process and may lead to remote code execution.
CVE-2024-31227: Users who have authenticated with the AUTH command and have sufficient privileges can create a malformed ACL selector. Reading it back with commands such as ACL LIST or ACL GETUSER triggers an assertion failure, which crashes the process and causes denial of service (DoS).
CVE-2024-31228: Users who have authenticated with the AUTH command can store a specially crafted, very long string key and then issue a command that performs string pattern matching, such as KEYS or SCAN, with a very long match pattern. The pattern matcher recurses without bound, causing a stack overflow, a process crash, and DoS.

Fixed Versions

Upgrade your Redis instances to the minor versions shown in the table below (or later) to fix the security vulnerabilities. For detailed steps, see Upgrading Instance Version. CVE-2024-31227 concerns ACL selectors, which exist only in Redis 7.0 and later, so the 6.2, 5.0, and 4.0 rows list only the other two CVEs.
Compatible Version   Minor Version   Update
Redis 7.0            7.0.20          Fixed CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228.
Redis 6.2            6.2.9           Fixed CVE-2024-31449 and CVE-2024-31228.
Redis 5.0            5.2.11          Fixed CVE-2024-31449 and CVE-2024-31228.
Redis 4.0            4.3.12          Fixed CVE-2024-31449 and CVE-2024-31228.
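The following script is an added example, not Tencent Cloud or Redis project code, showing how to check an instance against the table above. It assumes the instance reports its minor version in the redis_version field of INFO server (an assumption; if your instance reports a different value there, read the minor version from the console instead). The INFO output embedded in the script is constructed sample data, and the table rows are keyed by major version because TencentDB minor versions such as 5.2.11 for Redis 5.0 do not share their second component with the compatible version.

```python
"""Check a TencentDB for Redis minor version against the fixed versions above.

Added example; not Tencent Cloud or Redis project code. Assumes the minor
version appears in the redis_version field of INFO server.
"""

# Fixed minor versions and the CVEs each one addresses, copied from the table.
FIXED_VERSIONS = [
    {"compatible": "Redis 7.0", "minor": "7.0.20",
     "cves": ("CVE-2024-31449", "CVE-2024-31227", "CVE-2024-31228")},
    {"compatible": "Redis 6.2", "minor": "6.2.9",
     "cves": ("CVE-2024-31449", "CVE-2024-31228")},
    {"compatible": "Redis 5.0", "minor": "5.2.11",
     "cves": ("CVE-2024-31449", "CVE-2024-31228")},
    {"compatible": "Redis 4.0", "minor": "4.3.12",
     "cves": ("CVE-2024-31449", "CVE-2024-31228")},
]

# Constructed sample of an INFO server reply (not captured from a real host).
SAMPLE_INFO = """# Server
redis_version:6.2.8
redis_mode:standalone
os:Linux 5.4.119 x86_64
tcp_port:6379
"""


def parse_version(text):
    """Turn '7.0.18' into the comparable tuple (7, 0, 18).

    Rejects anything that is not exactly three numeric components so that a
    malformed or unexpected string is reported instead of silently compared.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)


def redis_version_from_info(info_text):
    """Extract the redis_version value from the text of an INFO server reply."""
    for line in info_text.splitlines():
        line = line.strip()
        if line.startswith("redis_version:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("redis_version not found in INFO output")


def patch_status(version_text):
    """Return (compatible version, patched?, CVEs fixed by that row).

    The row is chosen by major version alone (one row per major in the table),
    then the reported minor version is compared against the fixed minor version.
    """
    reported = parse_version(version_text)
    for row in FIXED_VERSIONS:
        fixed = parse_version(row["minor"])
        if fixed[0] == reported[0]:
            return row["compatible"], reported >= fixed, row["cves"]
    raise ValueError(f"no fixed version listed for major version {reported[0]}")


def report(info_text):
    """Human-readable verdict for one INFO server reply."""
    version = redis_version_from_info(info_text)
    compatible, patched, cves = patch_status(version)
    state = "at or above the fixed version" if patched else "BELOW the fixed version; upgrade"
    return f"{compatible} instance reports {version}: {state} ({', '.join(cves)})"


if __name__ == "__main__":
    print(report(SAMPLE_INFO))
```

To run it against a real instance, capture the reply of `redis-cli -h <host> -p <port> -a <password> INFO server` into a file and pass its contents to report(). Note that the script only decides whether the reported version is at or above the table's fixed minor version; it says nothing about other hardening, and a Redis 7.0 instance below 7.0.20 is exposed to all three CVEs, not just the two shared with older lines.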

Reference
