CVE-2024-51741

Summary

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.

Affected Software

VendorProductVersion RangeStatus
redisredis>= 7.0.0, < 7.2.7affected
redisredis>= 7.4.0, < 7.4.2affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References