MiracleLinux 9 : redis-6.2.17-1.el9_5 (AXSA:2025-9591:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9591:01 advisory. redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 redis: possible bypass of Unix socket permissions on startup...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

Denial-of-service due to unbounded pattern matching in Redis

...

Fedora: Security Advisory (FEDORA-2024-8a9a692906)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : redis (2024-5d4eb04e76)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d4eb04e76 advisory. Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2024-3144...

CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

Security update for redis7

This update for redis7 fixes the following issues: CVE-2024-31227: Fixed parsing issue leading to denail of service bsc1231266 CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install...

Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-717)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-717 advisory. Denial-of-service due to unbounded pattern matching CVE-2024-31228 Lua library commands may be exploited by an authenticated user to achieve remote-code-execution CVE-2024-31449 Tenable has...

Important: redis

Issue Overview: Denial-of-service due to unbounded pattern matching CVE-2024-31228 Lua library commands may be exploited by an authenticated user to achieve remote-code-execution CVE-2024-31449 Affected Packages: redis Note: This advisory is applicable to Amazon Linux 2 - Redis6 Extra. Visit this...

Important: redis6

Issue Overview: Denial-of-service due to unbounded pattern matching CVE-2024-31228 Lua library commands may be exploited by an authenticated user to achieve remote-code-execution CVE-2024-31449 Affected Packages: redis6 Issue Correction: Run dnf update redis6 --releasever 2023.5.20241001 or dnf...