CVE-2024-31227

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-31227
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a Patch
https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
cpe:2.3:a:redis:redis:7.4.0:*:*:*:*:*:*:*
History

26 Aug 2025, 17:44

Type Values Removed Values Added
References () https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a - () https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a - Patch
References () https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh - () https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh - Third Party Advisory
First Time Redis redis
Redis
CPE cpe:2.3:a:redis:redis:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

10 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Redis es una base de datos de código abierto en memoria que persiste en el disco. Un usuario autenticado con privilegios suficientes puede crear un selector de ACL mal formado que, cuando se accede a él, desencadena un pánico del servidor y la consiguiente denegación de servicio. El problema existe en Redis 7 anterior a las versiones 7.2.6 y 7.4.1. Se recomienda a los usuarios que actualicen la versión. No existen workarounds conocidas para esta vulnerabilidad.

07 Oct 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-07 20:15

Updated : 2025-08-26 17:44

NVD link : CVE-2024-31227

Mitre link : CVE-2024-31227

CVE.ORG link : CVE-2024-31227

JSON object : View

Products Affected

redis

  • redis
CWE
CWE-20

Improper Input Validation