CVE-2024-31227

EUVD-2024-29123
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
redisredis
7.0.0 ≤
𝑥
< 7.2.6
redisredis
7.4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
redict
bullseye
not-affected
forky
7.3.6+ds-1
fixed
sid
7.3.6+ds-1
fixed
redis
bookworm
5:7.0.15-1~deb12u5
fixed
bookworm (security)
5:7.0.15-1~deb12u6
fixed
bullseye
5:6.0.16-1+deb11u2
not-affected
bullseye (security)
5:6.0.16-1+deb11u8
fixed
forky
5:8.0.5-1
fixed
sid
5:8.0.5-1
fixed
trixie
5:8.0.2-3+deb13u1
fixed
trixie (security)
5:8.0.2-3+deb13u1
fixed
valkey
bullseye
not-affected
forky
8.1.4+dfsg1-1
fixed
sid
8.1.4+dfsg1-1
fixed
trixie
8.1.1+dfsg1-3+deb13u1
fixed
trixie (security)
8.1.1+dfsg1-3+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
redis
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
needed
oracular
ignored
plucky
needed
questing
not-affected
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a
https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh