Unrated severity · NVD Advisory · Published Jan 6, 2025 · Updated Jan 6, 2025
Redis allows denial-of-service due to malformed ACL selectors
CVE-2024-51741
Description
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
Affected products
40 affected products. osv-coords, 38 versions:
- pkg:apk/chainguard/py3.11-redis (no CPE), range: < 0
- pkg:apk/chainguard/py3.12-redis (no CPE), range: < 0
- pkg:apk/chainguard/py3.13-redis (no CPE), range: < 0
- pkg:apk/chainguard/py3-redis (no CPE), range: < 0
- pkg:apk/chainguard/redis-7.2 (no CPE), range: < 7.2.7-r0
- pkg:apk/chainguard/redis-7.2-bitnami-compat (no CPE), range: < 7.2.7-r0
- pkg:apk/chainguard/redis-7.2-iamguarded-compat (no CPE), range: < 7.2.12-r2
- pkg:apk/chainguard/redis-7.4 (no CPE), range: < 7.4.2-r0
- pkg:apk/chainguard/redis-7.4-bitnami-compat (no CPE), range: < 7.4.2-r0
- pkg:apk/chainguard/redis-benchmark-7.2 (no CPE), range: < 7.2.12-r2
- pkg:apk/chainguard/redis-benchmark-7.4 (no CPE), range: < 7.4.2-r0
- pkg:apk/chainguard/redis-cli-7.2 (no CPE), range: < 7.2.12-r2
- pkg:apk/chainguard/redis-cli-7.4 (no CPE), range: < 7.4.2-r0
- pkg:apk/chainguard/redis-cluster-7.2-bitnami-compat (no CPE), range: < 7.2.7-r0
- pkg:apk/chainguard/redis-cluster-7.2-iamguarded-compat (no CPE), range: < 7.2.12-r2
- pkg:apk/chainguard/redis-cluster-7.4-bitnami-compat (no CPE), range: < 7.4.2-r0
- pkg:apk/chainguard/redis-sentinel-7.2-bitnami-compat (no CPE), range: < 7.2.7-r0
- pkg:apk/chainguard/redis-sentinel-7.2-iamguarded-compat (no CPE), range: < 7.2.12-r2
- pkg:apk/chainguard/redis-sentinel-7.4-bitnami-compat (no CPE), range: < 7.4.2-r0
- pkg:apk/wolfi/redis-7.2 (no CPE), range: < 7.2.7-r0
- pkg:apk/wolfi/redis-7.4 (no CPE), range: < 7.4.2-r0
- pkg:apk/wolfi/redis-benchmark-7.2 (no CPE), range: < 7.2.12-r2
- pkg:apk/wolfi/redis-cli-7.2 (no CPE), range: < 7.2.12-r2
- pkg:bitnami/keydb (no CPE), range: >= 7.0.0
- pkg:bitnami/redis (no CPE), range: >= 7.0.0, < 7.2.8
- pkg:bitnami/valkey (no CPE), range: < 8.0.2
- pkg:rpm/almalinux/redis (no CPE), range: < 7.2.7-1.module_el9.5.0+134+2e645600
- pkg:rpm/almalinux/redis-devel (no CPE), range: < 7.2.7-1.module_el9.5.0+134+2e645600
- pkg:rpm/almalinux/redis-doc (no CPE), range: < 7.2.7-1.module_el9.5.0+134+2e645600
- pkg:rpm/opensuse/redis7&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 7.0.8-150600.8.6.1
- pkg:rpm/opensuse/redis&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 7.2.4-150600.3.6.1
- pkg:rpm/rocky-linux/redis?distro=rocky-linux-9&epoch=0 (no CPE), range: < 0:7.2.7-1.module+el9.5.0+30204+5d6debe1
- pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 7.0.8-150500.3.15.1
- pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 7.0.8-150500.3.15.1
- pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 (no CPE), range: < 7.0.8-150600.8.6.1
- pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 7.0.8-150500.3.15.1
- pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 7.0.8-150500.3.15.1
- pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 (no CPE), range: < 7.2.4-150600.3.6.1
References
- github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9 (mitre, x_refsource_CONFIRM)