CVERadar

CVE-2024-31449

Severity: High
SVRS: 40/100
CVSSv3: NA/10
EPSS: 0.0111/1

CVE-2024-31449 is a critical vulnerability in Redis, an open-source in-memory database. This flaw allows an authenticated user to execute arbitrary code remotely by exploiting a stack buffer overflow within the Lua scripting engine. Specifically, a crafted Lua script targeting the bit library triggers the overflow.

Even though the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) of 40 suggests a moderate risk, emphasizing that although not critical, it is still an issue to resolve. All Redis versions with Lua scripting are affected until patched. Upgrade to Redis versions 6.2.16, 7.2.6, or 7.4.1 to mitigate this risk. This vulnerability is significant because it could allow attackers to gain complete control of the Redis server, leading to data breaches or service disruption. There are no known workarounds, highlighting the urgency of applying the patch.

In The Wild: 2024-10-07
2024-10-10

SOCRadar AI Insight

Description

CVE-2024-31449 is a critical vulnerability in Redis, an open-source in-memory database. An authenticated user can exploit this vulnerability by using a specially crafted Lua script to trigger a stack buffer overflow in the bit library, potentially leading to remote code execution. The vulnerability affects all versions of Redis with Lua scripting and has been actively exploited in the wild.

Key Insights

  • High Severity: The SVRS of 40 indicates a moderate level of severity, highlighting the need for prompt attention.
  • Remote Code Execution: The vulnerability allows attackers to execute arbitrary code on the target system, giving them complete control over the database.
  • Active Exploitation: The vulnerability is actively exploited by hackers, making it crucial for organizations to take immediate action.
  • No Workarounds: There are no known workarounds for this vulnerability, emphasizing the importance of applying the patch promptly.

Mitigation Strategies

  • Apply Patch: Upgrade Redis to versions 6.2.16, 7.2.6, or 7.4.1, which address this vulnerability.
  • Restrict Access: Limit access to the Redis database to only authorized users and implement strong authentication mechanisms.
  • Monitor Logs: Regularly monitor logs for suspicious activity and investigate any anomalies promptly.
  • Use a Web Application Firewall (WAF): Implement a WAF to block malicious requests and protect against exploitation attempts.
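As an added defensive check that is not part of the CVE Radar page or the Redis project, the Python function below parses a Redis version string (from `redis-server --version` or the `redis_version` line of INFO) and reports whether it predates the fix releases named above. It goes a little beyond the page by treating branches that never received a fix release (such as 7.0.x or anything older) as affected, and anything from 7.4.1 onward as fixed; the sample version strings are constructed.

```python
"""Check a Redis version string against the CVE-2024-31449 fix releases.

Added example (not Redis project code). The fix versions 6.2.16, 7.2.6 and
7.4.1 come from the advisory; every other branch at or below 7.4.0 is treated
as affected because the advisory says all versions with Lua scripting are
affected until patched.
"""
import re

# branch (major, minor) -> first patch level that carries the fix
FIXED_PATCH = {(6, 2): 16, (7, 2): 6, (7, 4): 1}
NEWEST_FIX = (7, 4, 1)  # this release and anything newer is fixed


def parse_version(text: str) -> tuple:
    """Pull major.minor.patch out of e.g. 'Redis server v=7.2.5 sha=...'
    or the 'redis_version:7.2.5' line of INFO (constructed inputs)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(text: str) -> bool:
    """True when the server should be upgraded for CVE-2024-31449."""
    major, minor, patch = parse_version(text)
    if (major, minor, patch) >= NEWEST_FIX:
        return False
    fix_patch = FIXED_PATCH.get((major, minor))
    if fix_patch is None:
        return True  # branch with no fix release: upgrade to a fixed branch
    return patch < fix_patch


if __name__ == "__main__":
    # constructed sample: output of `redis-server --version` on an old 7.2
    banner = "Redis server v=7.2.5 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64"
    print(parse_version(banner), "vulnerable:", is_vulnerable(banner))
```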

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published, indicating that attackers have the technical means to exploit the vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Daily Summary - 18.11.2024 (CERT.at, 2025-02-01)
Daily Summary - 18.11.2024 | End-of-Day report. Timeframe: Friday 15-11-2024 18:00 - Monday 18-11-2024 18:00. Handler: Alexander Riepl. Co-Handler: n/a. News: Honeypot: researcher fools script kiddies with fake ransomware. A tool named Jinn was supposed to make ransomware attacks easier. In fact it was a honeypot that quite a few actors fell for. https://www.golem.de/news/honeypot-forscher-veralbert-scriptkiddies-mit-fake-ransomware-2411-190885.html Women In Russian-Speaking Cybercrime: Mythical Creatures

Daily Summary - 10.10.2024 (CERT.at, 2024-12-02)
Daily Summary - 10.10.2024 | End-of-Day report. Timeframe: Wednesday 09-10-2024 18:00 - Thursday 10-10-2024 18:00. Handler: Robert Waldner. Co-Handler: n/a. News: Firefox Zero-Day Under Attack: Update Your Browser Immediately. Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability (reddit.com, submitted by /u/vah_13, 2024-11-18)

CVE-2024-31449 | Redis up to 7.2.5 deps/lua/src/lua_bit.c bit_tohex integer overflow (Nessus ID 208105) (vuldb.com, 2024-10-04)
A vulnerability classified as problematic was found in Redis up to 7.2.5. This vulnerability affects the function bit_tohex of the file deps/lua/src/lua_bit.c. The manipulation leads to integer overflow. This vulnerability was named CVE-2024-31449. The attack needs to be initiated within

Social Media

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability https://t.co/LYHEGfKJIo

2️⃣ #Redis Users: In versions <6.2.16, 7.2.6, and 7.4.1, a crafted #Lua script can lead to remote code execution. Upgrade now to avoid exploitation (Reference: CVE-2024-31449).

Redis Patches for Multi Flaws, Including Potential RCE (CVE-2024-31449) https://t.co/WEGYdl0GJ0

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9
[email protected] | https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5

CWE Details

CWE ID | CWE Name | Description
CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
