CVE-2024-31227

Source
https://cve.org/CVERecord?id=CVE-2024-31227
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31227.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-31227
Aliases
Downstream
Related
Published
2024-10-07T19:51:04.520Z
Modified
2026-06-18T10:08:40.139089Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial-of-service due to malformed ACL selectors in Redis
Details

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31227.json"
}
References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.2.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:redis:redis:7.4.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
7.*
7.2-rc1
7.2-rc2
7.2-rc3
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
v1.*
v1.3.10
v1.3.11
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31227.json"
vanir_signatures_modified
"2026-06-18T10:08:40Z"
vanir_signatures
[
    {
        "source": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",
        "target": {
            "function": "ACLSetSelector",
            "file": "src/acl.c"
        },
        "deprecated": false,
        "id": "CVE-2024-31227-54f6e5e1",
        "digest": {
            "function_hash": "40661584271837133427091237980144603108",
            "length": 4281.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",
        "target": {
            "file": "src/acl.c"
        },
        "deprecated": false,
        "id": "CVE-2024-31227-f772918c",
        "digest": {
            "line_hashes": [
                "122073505150330779881925889376104048481",
                "20546548576662628414487098384772441091",
                "12194845935100251552104546068211565647",
                "96821037693610244447265708658612769828"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    }
]