Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Sat, 07 Dec 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 | |
Vendors & Products |
Redhat
Redhat enterprise Linux |
Tue, 08 Oct 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Mon, 07 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 07 Oct 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
Title | Denial-of-service due to malformed ACL selectors in Redis | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-10-07T19:51:04.520Z
Updated: 2024-10-07T20:20:56.702Z
Reserved: 2024-03-29T14:16:31.902Z
Link: CVE-2024-31227
Vulnrichment
Updated: 2024-10-07T20:20:51.837Z
NVD
Status : Awaiting Analysis
Published: 2024-10-07T20:15:05.050
Modified: 2024-10-10T12:57:21.987
Link: CVE-2024-31227
Redhat