Mageia 2024-0340: redis Security Advisory Updates
mageia
October 27, 2024
An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service
Summary
An authenticated with sufficient privileges may create a malformed ACL
selector which, when accessed, triggers a server panic and subsequent
denial of service. (CVE-2024-31227)
Authenticated users can trigger a denial-of-service by using specially
crafted, long string match patterns on supported commands such as
`KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL
definitions. Matching of extremely long patterns may result in unbounded
recursion, leading to stack overflow and process crash. (CVE-2024-31228)
An authenticated user may use a specially crafted Lua script to trigger
a stack buffer overflow in the bit library, which may potentially lead
to remote code execution. (CVE-2024-31449)
References
- https://bugs.mageia.org/show_bug.cgi?id=33643
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMP3URK6CE4LGQZ7V2GD23UVMTFM7K46/
- https://www.cve.org/CVERecord?id=CVE-2024-31227
- https://www.cve.org/CVERecord?id=CVE-2024-31228
- https://www.cve.org/CVERecord?id=CVE-2024-31449
Topics Covered
Resolution
SRPMS
- 9/core/redis-7.0.14-1.1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 27 Oct 2024
URL: https://advisories.mageia.org/MGASA-2024-0340.html
Type: security
CVE: CVE-2024-31227,
CVE-2024-31228,
CVE-2024-31449
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!