Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-20"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31227.json"
}{
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.2.6"
},
{
"introduced": "0"
},
{
"last_affected": "7.4.0"
}
],
"cpe": [
"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"cpe:2.3:a:redis:redis:7.4.0:*:*:*:*:*:*:*"
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31227.json"
"2026-06-18T10:08:40Z"
[
{
"source": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",
"target": {
"function": "ACLSetSelector",
"file": "src/acl.c"
},
"deprecated": false,
"id": "CVE-2024-31227-54f6e5e1",
"digest": {
"function_hash": "40661584271837133427091237980144603108",
"length": 4281.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",
"target": {
"file": "src/acl.c"
},
"deprecated": false,
"id": "CVE-2024-31227-f772918c",
"digest": {
"line_hashes": [
"122073505150330779881925889376104048481",
"20546548576662628414487098384772441091",
"12194845935100251552104546068211565647",
"96821037693610244447265708658612769828"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
}
]