CVE-2024-31227

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31227.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type

GIT

Repo

https://github.com/redis/redis

Events

Introduced

d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc

Fixed

ae6a2aa95cd094b032e7a69b8b59f64dd1ed085f

Database specific

{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.2.6"
        }
    ]
}

Type

GIT

Repo

https://github.com/redis/redis

Events

Introduced

Fixed

74b289a0e12f9f65a6daeec6a66cadc76792f644

Database specific

{
    "versions": [
        {
            "introduced": "7.3.0"
        },
        {
            "fixed": "7.4.1"
        }
    ]
}

Affected versions

1.*

1.3.6

2.*

2.2-alpha0

2.2-alpha1

2.2-alpha2

2.2-alpha3

2.2-alpha4

2.2-alpha5

2.2-alpha6

2.2.0-rc1

2.3-alpha0

3.*

3.0-alpha0

7.*

7.4-rc1

7.4-rc2

7.4.0

v1.*

v1.3.10

v1.3.11

v1.3.12

v1.3.7

v1.3.8

v1.3.9

v2.*

v2.0.0-rc1

v2.1.1-watch

Other

vm-playpen

with-deprecated-diskstore

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31227.json"