Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Aug 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Redis
Redis redis
CPEs cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
cpe:2.3:a:redis:redis:7.4.0:*:*:*:*:*:*:*
Vendors & Products Redis
Redis redis

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00036}

epss

{'score': 0.0003}


Sat, 07 Dec 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Tue, 08 Oct 2024 01:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 07 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 07 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Description Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Title Denial-of-service due to malformed ACL selectors in Redis
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-10-07T20:20:56.702Z

Reserved: 2024-03-29T14:16:31.902Z

Link: CVE-2024-31227

cve-icon Vulnrichment

Updated: 2024-10-07T20:20:51.837Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-07T20:15:05.050

Modified: 2025-08-26T17:44:01.137

Link: CVE-2024-31227

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-07T19:51:04Z

Links: CVE-2024-31227 - Bugzilla

cve-icon OpenCVE Enrichment

No data.