About the Vulnerability

Introduction

Redis is an open source (BSD licensed) in-memory data structure store, used as a database, cache, message broker, and stream engine. Redis provides data structures such as strings, hashes, lists, sets with range queries, sorted sets with range queries, bitmaps, hyperloglogs, geospatial indexes, and streams. Redis has built-in replication, Lua scripting, LRU eviction, transactions, and different levels of disk persistence, and provides high availability through Redis Sentinel and Redis Cluster for automatic partitioning.

Summary

On October 9, 2024, Sangfor FarSight Labs received notification of a Buffer Overflow Vulnerability in a Redis component (CVE-2024-31449), classified as high in threat level.

Authenticated users may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which could lead to remote code execution. All Redis versions with Lua scripting are affected by this issue.

Affected Versions

2.6 ≤ Redis < 6.2.16

7.0.0 ≤ Redis < 7.2.6

7.4.0 ≤ Redis < 7.4.1

Solutions


Remediation Solutions

Check the System Version

After the Redis service is started, the current version number can be obtained from the logs.
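The version ranges listed above can be checked mechanically. The following script is an added example and is not part of the Sangfor advisory or of Redis itself: it extracts the version number from a Redis startup log line or from `INFO server` output and compares it against the affected ranges exactly as the advisory states them (lower bound inclusive, first fixed release exclusive). The two sample inputs are constructed for illustration; the log line format follows what Redis prints at startup, but any real deployment should feed its own log or `INFO` output.

```python
import re

# Affected ranges from the advisory, as [lower, upper) tuples.
# The upper bound is the first release that is no longer affected.
AFFECTED_RANGES = [
    ((2, 6, 0), (6, 2, 16)),   # 2.6 <= Redis < 6.2.16
    ((7, 0, 0), (7, 2, 6)),    # 7.0.0 <= Redis < 7.2.6
    ((7, 4, 0), (7, 4, 1)),    # 7.4.0 <= Redis < 7.4.1
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first x.y.z version in `text` as an int tuple."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no x.y.z version number found in: %r" % text)
    return tuple(int(part) for part in m.groups())


def version_from_startup_log(log_text):
    """Find the 'Redis version=...' line Redis writes when the server starts."""
    for line in log_text.splitlines():
        if "Redis version=" in line:
            return parse_version(line.split("Redis version=", 1)[1])
    raise ValueError("no Redis startup banner line found")


def version_from_info(info_text):
    """Read the 'redis_version:' field from `INFO server` output."""
    for line in info_text.splitlines():
        if line.startswith("redis_version:"):
            return parse_version(line.split(":", 1)[1])
    raise ValueError("no redis_version field found")


def is_affected(version):
    """True if `version` falls inside any affected range for CVE-2024-31449."""
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def assess(version):
    """Human-readable verdict for a parsed version tuple."""
    label = ".".join(str(p) for p in version)
    if is_affected(version):
        return "Redis %s is AFFECTED by CVE-2024-31449; upgrade required" % label
    return "Redis %s is not in an affected range" % label


if __name__ == "__main__":
    # Constructed sample inputs (not captured from a real system).
    sample_log = (
        "1:M 09 Oct 2024 10:00:00.000 # Redis version=7.2.5, bits=64, "
        "commit=00000000, modified=0, pid=1, just started\n"
    )
    sample_info = "# Server\nredis_version:7.4.1\nredis_mode:standalone\n"

    print(assess(version_from_startup_log(sample_log)))
    print(assess(version_from_info(sample_info)))
```

Run it against the output of `redis-cli INFO server` or the server log to get a verdict per instance; for fleets, loop over hosts and pass each host's output to `version_from_info`.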

Official Solution

Affected users are strongly advised to update Redis to the latest version (6.2.16, 7.2.6, or versions above 7.4.1).

Download link: https://redis.io/download

Sangfor Solutions

Risky Assets Detection

Proactive detection of Redis is supported, with batch identification of the assets affected by this event in business scenarios. Related products are as follows:

[Sangfor CWPP] has released a detection scheme with Fingerprint ID: 0000518.

[Sangfor Host Security] has released a detection scheme with Fingerprint ID: 0000518.

Vulnerability Proactive Detection

Proactive detection of the Redis Buffer Overflow Vulnerability (CVE-2024-31449) is supported, with quick batch identification of whether vulnerability risks exist in business scenarios. Related products are as follows:

[Sangfor Host Security] is expected to release a detection scheme on October 13, 2024, with Rule ID: SF-0005-21018.

[Sangfor Cyber Guardian MDR] is expected to release a detection scheme on October 10, 2024, with Rule ID: SF-0005-21018.

[Sangfor Omni-Command] is expected to release a detection scheme on October 13, 2024 (requiring Host Security component capabilities), with Rule ID: SF-0005-21018.

Timeline

On October 8, 2024, Sangfor FarSight Labs received notification of Redis Buffer Overflow vulnerability.

On October 9, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9
