Product Version Release Advisory VMware Tanzu Valkey v7.2.6

VMware Tanzu Data Services

25503

13 March 2025

13 March 2025

CLOSED

HIGH

7.0

CVE-2024-31449, CVE-2024-31227, CVE-2024-31228

Product Release Advisory

Advisory ID: TNZ-2025-11

Severity: High

Issue Date: 2025-02-26

Updated on: 2025-02-26

Synopsis

Valkey v7.2.6 has the following vulnerabilities that were addressed in Valkey v8.0.1 / VMware Tanzu for Valkey 1.1.0-beta:

  • Lua library commands can be exploited by an authenticated user to achieve remote code execution.
  • Denial of service caused by malformed ACL selectors.
  • Denial of service caused by unbounded pattern matching.

Product Version Release Advisory

Security Fixes

This release has the following security fixes, listed by component and area.

Component: Valkey v7.2.6, fixed in Valkey 8.0.1

Vulnerabilities Resolved:

  • CVE-2024-31449: Lua library commands can be exploited by an authenticated user to achieve remote code execution.
  • CVE-2024-31227: Denial of service caused by malformed ACL selectors.
  • CVE-2024-31228: Denial of service caused by unbounded pattern matching.

History

2025-02-26: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories

https://support.broadcom.com/group/ecx/security-advisory?segment=VT