CVE-2024-31449
Published: 2024-10-07
Priority: P2 (61), high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.49% (90.3th percentile)
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected (22 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | redict | < redict 7.3.1+ds-1 (forky) | redict 7.3.1+ds-1 (forky) |
| debian | redis | < redict 7.3.1+ds-1 (forky) | redict 7.3.1+ds-1 (forky) |
| debian | valkey | < redict 7.3.1+ds-1 (forky) | redict 7.3.1+ds-1 (forky) |
| lfprojects | valkey | >= 0 < 8.0.1+dfsg1-1 | 8.0.1+dfsg1-1 |
| lfprojects | valkey | >= 0 < 8.0.1+dfsg1-1 | 8.0.1+dfsg1-1 |
| msrc | azl3_valkey_8.0.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_valkey_8.0.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_redis_6.2.14-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_redis_6.2.14-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| redis | redis | — | — |
| redis | redis | — | — |
| redis | redis | — | — |
| redis | redis | — | — |
| redis | redis | >= 0 < 5:7.0.15-1~deb12u2 | 5:7.0.15-1~deb12u2 |
| redis | redis | >= 0 < 5:7.0.15-2 | 5:7.0.15-2 |
| redis | redis | >= 0 < 5:7.0.15-2 | 5:7.0.15-2 |
| redis | redis | >= 2.8.18 < 6.2.16 | 6.2.16 |
| redis | redis | >= 7.2.0 < 7.2.6 | 7.2.6 |
Detection & IOCs
Port: 6379
Snort/Suricata rule:
alert tcp any any -> $HOME_NET 6379 (msg:"ET HUNTING Redis Authenticated Remote Code Execution in bit Library (CVE-2024-31449)"; flow:established,to_server; content:"|2a 33 0d 0a|"; startswith; content:"eval|0d 0a|"; nocase; content:"bit"; content:"|2e|tohex|28|"; fast_pattern; reference:url,redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-the-vulnerability/; reference:cve,2024-31449; classtype:attempted-admin; sid:2057707; rev:1; metadata:affected_product Redis, attack_target Server, created_at 2024_11_19, cve CVE_2024_31449, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_11_19, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
Bytes: |2a 33 0d 0a| (`*3\r\n`, the RESP array header for a three-element command)
Bytes: |2e|tohex|28| (`.tohex(`)
- Detect exploit attempts by monitoring TCP traffic to Redis port 6379 for RESP-framed EVAL commands (three-element array header `*3\r\n`) whose script references `bit` and contains the byte sequence for `.tohex(`, the call pattern of the Lua bit library invocation the rule targets.
- The vulnerability is triggered via a specially crafted Lua script using the bit library; monitor Redis EVAL/EVALSHA commands from authenticated sessions for anomalous bit library usage.
- MITRE mapping: TA0001 / T1190 (Exploit Public-Facing Application); treat inbound Redis EVAL traffic from untrusted sources as high-risk.
- The vulnerability exists in ALL versions of Redis that include Lua scripting support; there are no known workarounds, and the only remediation is upgrading to Redis 6.2.16, 7.2.6, or 7.4.1.
- Red Hat confirmed that no available mitigation meets their deployment/ease-of-use criteria; affected packages include quay/quay-rhel8 (Red Hat Quay 3), while valkey on RHEL 9/10 is not affected.
- On Ubuntu, the fix for CVE-2024-31449 was delivered via the lua-bitop package on Ubuntu 20.04 LTS and 22.04 LTS, and via the redis package on Ubuntu 16.04 LTS, 18.04 LTS, and 24.04 LTS; ensure the correct package is patched for your Ubuntu release.
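Added example, not code from this page, from Emerging Threats or from the Redis project: the content matches of rule sid:2057707 re-implemented in Python over raw RESP request bytes, so a responder can replay captured Redis requests against it and see exactly what does and does not trigger. The function names and the sample requests are the example's own.

```python
# Added example: a Python re-implementation of the content matches in
# ET sid:2057707 (CVE-2024-31449), runnable over captured Redis request
# bytes. Sample requests at the bottom are constructed for illustration.
from typing import Optional


def parse_resp_array(data: bytes) -> Optional[list[bytes]]:
    """Parse one RESP array of bulk strings; None on any framing error."""
    head, sep, rest = data.partition(b"\r\n")
    if not sep or not head.startswith(b"*") or not head[1:].isdigit():
        return None
    items = []
    for _ in range(int(head[1:])):
        length_line, sep, rest = rest.partition(b"\r\n")
        if not sep or not length_line.startswith(b"$") or not length_line[1:].isdigit():
            return None
        length = int(length_line[1:])
        if rest[length:length + 2] != b"\r\n":
            return None
        items.append(rest[:length])
        rest = rest[length + 2:]
    return items


def resp_encode(*args: bytes) -> bytes:
    """Build a RESP array of bulk strings, as a Redis client would send it."""
    return b"*%d\r\n" % len(args) + b"".join(b"$%d\r\n%s\r\n" % (len(a), a) for a in args)


def matches_et_2057707(request: bytes) -> bool:
    """Mirror the rule: '*3\\r\\n' at offset 0, an EVAL command, and a script
    mentioning 'bit' and '.tohex('. Like the rule, this flags the call
    pattern only: it never inspects the arguments, so legitimate users of
    bit.tohex also match, and EVALSHA of a cached script does not."""
    if not request.startswith(b"*3\r\n"):           # content:"|2a 33 0d 0a|"; startswith
        return False
    args = parse_resp_array(request)
    if args is None or len(args) != 3 or args[0].lower() != b"eval":
        return False                                # content:"eval|0d 0a|"; nocase
    script = args[1]
    return b"bit" in script and b".tohex(" in script  # content:"bit"; content:"|2e|tohex|28|"


# Constructed sample traffic: one request that trips the signature, one that does not.
SUSPECT = resp_encode(b"EVAL", b"return bit.tohex(255)", b"0")
BENIGN = resp_encode(b"EVAL", b"return bit.band(6, 3)", b"0")
```

Feed `matches_et_2057707` the client-to-server payload of each 6379 session to reproduce the rule's verdict; a hit is a hunting lead to be confirmed against the script body, not proof of exploitation.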
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | 8.8 | HIGH | |
| vendor_ubuntu | 8.8 | HIGH | |
| vendor_debian | 7.0 | HIGH | |
| vendor_msrc | 7.0 | HIGH | |
| vendor_redhat | 7.0 | HIGH | |
Ubuntu
Redis, Lua vulnerabilities
vendor_ubuntu·2026-04-13·CVSS 8.8
CVE-2025-49844 [HIGH] Redis, Lua vulnerabilities
Title: Redis, Lua vulnerabilities
Summary: Several security issues were fixed in Redis, lua5.1, lua-cjson, lua-bitop.
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue was only addressed in
lua5.1 on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-49844)
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue was only addressed in
lua-bitop on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS and in redis on Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-31449)
Seiya Nakata and Yud
Microsoft
Lua library commands may lead to stack overflow and RCE in Redis
vendor_msrc·2024-10-08·CVSS 7.0
CVE-2024-31449 [HIGH] CWE-20 Lua library commands may lead to stack overflow and RCE in Redis
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Red Hat
redis: Lua library commands may lead to stack overflow and RCE in Redis
vendor_redhat·2024-10-07·CVSS 7.0
CVE-2024-31449 [HIGH] CWE-787 redis: Lua library commands may lead to stack overflow and RCE in Redis
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A flaw was found in Redis. This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. The problem exists in all versions of Redis with Lua scripting.
Miti
Debian
CVE-2024-31449: redict - Redis is an open source, in-memory database that persists on disk. An authentica...
vendor_debian·2024·CVSS 7.0
CVE-2024-31449 [HIGH] CVE-2024-31449: redict - Redis is an open source, in-memory database that persists on disk. An authentica...
Scope: local
forky: resolved (fixed in 7.3.1+ds-1)
sid: resolved (fixed in 7.3.1+ds-1)
OSV
CVE-2024-31449: Redis is an open source, in-memory database that persists on disk
osv·2024-10-07·CVSS 8.8
CVE-2024-31449 [HIGH] CVE-2024-31449: Redis is an open source, in-memory database that persists on disk
Suricata
ET HUNTING Redis Authenticated Remote Code Execution in bit Library (CVE-2024-31449)
suricata·2024-11-19·CVSS 7.0
CVE-2024-31449 [HIGH] ET HUNTING Redis Authenticated Remote Code Execution in bit Library (CVE-2024-31449)
Rule: alert tcp any any -> $HOME_NET 6379 (msg:"ET HUNTING Redis Authenticated Remote Code Execution in bit Library (CVE-2024-31449)"; flow:established,to_server; content:"|2a 33 0d 0a|"; startswith; content:"eval|0d 0a|"; nocase; content:"bit"; content:"|2e|tohex|28|"; fast_pattern; reference:url,redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-the-vulnerability/; reference:cve,2024-31449; classtype:attempted-admin; sid:2057707; rev:1; metadata:affected_product Redis, attack_target Server, created_at 2024_11_19, cve CVE_2024_31449, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_11_19, mitre_tactic_id TA0001, mitre_tac
No public exploits indexed.
No writeups or analysis indexed.