Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 05 Sep 2025 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Redis
Redis redis
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
Vendors & Products Redis
Redis redis

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00067}

epss

{'score': 0.00055}


Thu, 13 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Thu, 09 Jan 2025 14:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 06 Jan 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jan 2025 21:30:00 +0000

Type Values Removed Values Added
Description Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
Title Redis allows denial-of-service due to malformed ACL selectors
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-01-06T21:39:28.426Z

Reserved: 2024-10-31T14:12:45.789Z

Link: CVE-2024-51741

cve-icon Vulnrichment

Updated: 2025-01-06T21:39:22.120Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-06T22:15:09.827

Modified: 2025-09-05T14:25:29.293

Link: CVE-2024-51741

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-01-06T21:20:19Z

Links: CVE-2024-51741 - Bugzilla

cve-icon OpenCVE Enrichment

No data.