Axel Mierczuk

**Name of the Vulnerable Software and Affected Versions** Redis versions prior to 7.2.7 Redis versions prior to 7.4.2 **Description** The issue is related to an open-source, in-memory database that persists on disk. An authenticated user with sufficient privileges can create a malformed ACL selector, which, when accessed, triggers a server panic and subsequent denial of service. **Recommendations** For versions prior to 7.2.7, update to Redis 7.2.7 or later to resolve the issue. For versions prior to 7.4.2, update to Redis 7.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ACL selector feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Redis versions prior to 7.2.6 and 7.4.1 **Description** The issue exists due to insufficient input validation in Redis, allowing a remote attacker to cause a denial of service. An authenticated user with sufficient privileges may create a malformed ACL selector, which when accessed, triggers a server panic and subsequent denial of service. **Recommendations** For Redis versions prior to 7.2.6, upgrade to version 7.2.6 or later. For Redis versions prior to 7.4.1, upgrade to version 7.4.1 or later. As a temporary workaround, consider restricting access to the ACL selector feature until a patch is applied. Avoid using the `ACL selector` feature in affected versions until the issue is resolved.