CVE-2024-31227

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Debian logo
Debian Releases
Debian Product
Codename
redict
sid
7.3.2+ds-1
fixed
bullseye
not-affected
redis
bullseye
5:6.0.16-1+deb11u2
not-affected
bullseye (security)
5:6.0.16-1+deb11u6
fixed
bookworm
5:7.0.15-1~deb12u4
fixed
bookworm (security)
5:7.0.15-1~deb12u3
fixed
trixie
5:7.0.15-3
fixed
sid
5:8.0.0-2
fixed
valkey
sid
8.1.1+dfsg1-1
fixed
trixie
8.1.1+dfsg1-1
fixed
bullseye
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
redis
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a
https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh