debian · CVE-2024-31228

Quick triage

Priority: not yet assigned Published: Updated: Wed, 01 Jul 2026 06:50:59 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2024-31228 not yet assigned priority: Debian including 3 source packages (redict, redis, valkey), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10.

Description:

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

cvelogic Threat Intelligence