PT-2024-10147 · Redis+9

Axel Mierczuk · Published 2024-10-31 · Updated 2025-10-21 · CVE-2024-51741

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Redis versions prior to 7.2.7
Redis versions prior to 7.4.2

Description

Redis is an open-source, in-memory database that persists on disk. An authenticated user with sufficient privileges can create a malformed ACL selector which, when accessed, triggers a server panic and a subsequent denial of service.

Recommendations

For versions prior to 7.2.7, update to Redis 7.2.7 or later to resolve the issue. For versions prior to 7.4.2, update to Redis 7.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ACL selector feature until a patch is available.


Weakness Enumeration

Related Identifiers

ALSA-2025:0692
ALSA-2025_16880
ALT-PU-2025-11673
ALT-PU-2025-13204
ALT-PU-2025-1851
ALT-PU-2025-9766
AZL-55283
BDU:2025-00449
BIT-KEYDB-2024-51741
BIT-REDIS-2024-51741
BIT-VALKEY-2024-51741
CVE-2024-51741
DSA-5856-1
GHSA-PRPQ-RH5H-46G9
MGASA-2025-0033
OPENSUSE-SU-2025:14638-1
OPENSUSE-SU-2025:15293-1
OPENSUSE-SU-2025_0160-1
OPENSUSE-SU-2025_0161-1
OPENSUSE-SU-2025_0163-1
RHSA-2025:0692
RHSA-2025_0692
RLSA-2025:0692
SUSE-SU-2025:0160-1
SUSE-SU-2025:0161-1
SUSE-SU-2025:0163-1
SUSE-SU-2025_0160-1
SUSE-SU-2025_0161-1
SUSE-SU-2025_0163-1
USN-7321-1
USN-7359-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Linux Mint
Red Hat
RED OS
Redis
Rocky Linux
SUSE
Ubuntu