Wind River Support Network

HomeDefectsLIN1019-14971
Fixed

LIN1019-14971 : Security Advisory - redis - CVE-2024-31228

Created: Oct 4, 2024    Updated: Dec 11, 2024
Resolved Date: Nov 24, 2024
Found In Version: 10.19.45.1
Fix Version: 10.19.45.32
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2024-31228

CVEs


Live chat
Online