CVE-2024-31227
Denial-of-service due to malformed ACL selectors in Redis
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A flaw was found in Redis. This flaw allows an authenticated attacker with sufficient privileges to create a malformed ACL selector that triggers a server panic and subsequent denial of service when accessed.
This update for redis7 fixes the following issues. Fixed parsing issue leading to denail of service. Fixed unbounded recursive pattern matching. Fixed integer overflow bug in Lua bit_tohex.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-29 CVE Reserved
- 2024-10-07 CVE Published
- 2024-10-07 CVE Updated
- 2025-07-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | X_refsource_misc | |
https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-31227 | 2024-12-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2317053 | 2024-12-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 7.0.0 < 7.2.6 Search vendor "Redis" for product "Redis" and version " >= 7.0.0 < 7.2.6" | en |
Affected
| ||||||
Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 7.3.0 < 7.4.1 Search vendor "Redis" for product "Redis" and version " >= 7.3.0 < 7.4.1" | en |
Affected
|