PT-2024-7758 · Redis+6

Axel Mierczuk · Published 2024-10-02 · Updated 2026-05-18 · CVE-2024-31227

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Redis versions prior to 7.2.6 and 7.4.1

Description

The issue exists due to insufficient input validation in Redis, allowing a remote attacker to cause a denial of service. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service.

Recommendations

For Redis versions prior to 7.2.6, upgrade to version 7.2.6 or later. For Redis versions prior to 7.4.1, upgrade to version 7.4.1 or later. As a temporary workaround, consider restricting access to the ACL selector feature until a patch is applied. Avoid using the ACL selector feature in affected versions until the issue is resolved.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

ALSA-2024:10869
ALSA-2024_10869
ALSA-2025_16880
ALT-PU-2024-16804
ALT-PU-2025-11673
ALT-PU-2025-13204
AZL-52008
BDU:2024-09249
BIT-KEYDB-2024-31227
BIT-REDIS-2024-31227
BIT-VALKEY-2024-31227
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-AY29369
CLEANSTART-2026-BX37171
CLEANSTART-2026-BZ70876
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CQ83284
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CLEANSTART-2026-YP32652
CVE-2024-31227
GHSA-38P4-26X2-VQHH
INFSA-2024_10869
MGASA-2024-0340
OPENSUSE-SU-2024:14412-1
OPENSUSE-SU-2024_3535-1
OPENSUSE-SU-2024_3537-1
OPENSUSE-SU-2024_3549-1
OPENSUSE-SU-2025:15293-1
RHSA-2024:10869
RHSA-2024_10869
SUSE-SU-2024:3535-1
SUSE-SU-2024:3537-1
SUSE-SU-2024:3549-1
SUSE-SU-2024_3535-1
SUSE-SU-2024_3537-1
SUSE-SU-2024_3549-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Red Hat
RED OS
Redis
SUSE