SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2024-31449

CVE-2024-31449: Redis Lua Scripting RCE Vulnerability

CVE-2024-31449 is a remote code execution vulnerability in Redis that allows authenticated users to exploit a stack buffer overflow in the Lua bit library. This article covers technical details, affected versions, and mitigation.

Updated:

CVE-2024-31449 Overview

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Critical Impact

This vulnerability may potentially lead to remote code execution, allowing attackers to execute arbitrary code within the Redis environment.

Affected Products

  • Redis Redis

Discovery Timeline

  • Not Available - Vulnerability discovered by Not Available
  • Not Available - Responsible disclosure to redis
  • Not Available - CVE CVE-2024-31449 assigned
  • Not Available - redis releases security patch
  • 2024-10-07 - CVE CVE-2024-31449 published to NVD
  • 2025-09-04 - Last updated in NVD database

Technical Details for CVE-2024-31449

Vulnerability Analysis

The vulnerability exploits a stack buffer overflow in the bit library within Lua scripts in Redis. An authenticated attacker can craft a Lua script that takes advantage of this overflow, leading to unauthorized code execution.

Root Cause

The issue arises from improper input validation in the Lua bit library, which mishandles specific script input, leading to overflow conditions.

Attack Vector

The attack can be executed over the network by an authenticated user using crafted Lua scripts in Redis.

lua
-- Example exploitation code (sanitized)
local function overflow_example()
    local str = string.rep("A", 1024)
    return bit.band(0xFFFFFFFF, str)  -- This triggers the vulnerability
end

Detection Methods for CVE-2024-31449

Indicators of Compromise

  • Unusual Lua script executions in Redis logs
  • Abnormal system behaviors or crashes when executing Lua scripts
  • Unexpected termination of Redis service

Detection Strategies

Monitor Redis logs for execution of unexpected or unusually large Lua scripts. Use intrusion detection systems to flag high-risk script patterns that may indicate exploitation attempts.

Monitoring Recommendations

Regularly review access logs and Lua script execution records. Configure monitoring tools to alert on usage of Lua functions associated with buffer manipulation.

How to Mitigate CVE-2024-31449

Immediate Actions Required

  • Update Redis to the latest patched versions (6.2.16, 7.2.6, 7.4.1)
  • Restrict network access to Redis instances to trusted sources
  • Implement robust authentication mechanisms for Redis

Patch Information

Patches are available at the following links:

Workarounds

Not Available

bash
# Configuration example to restrict access
bind 127.0.0.1 ::1                 # Allow only local connections
requirepass myStrongPassword       # Enable password authentication
protected-mode yes                 # Enable protected mode

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne