CVE-2024-51741

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::

History

05 Sep 2025, 14:25

Type	Values Removed	Values Added
References	~~() https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9 -~~	() https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9 - Vendor Advisory
First Time		Redis Redis redis
CPE		cpe:2.3:a:redis:redis::::::::
Summary		(es) Redis es una base de datos en memoria de código abierto que persiste en el disco. Un usuario autenticado con privilegios suficientes puede crear un selector de ACL mal formado que, cuando se accede a él, desencadena un pánico del servidor y la consiguiente denegación de servicio. El problema se solucionó en Redis 7.2.7 y 7.4.2.
CWE		NVD-CWE-noinfo

06 Jan 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-06 22:15

Updated : 2025-09-05 14:25

NVD link : CVE-2024-51741

Mitre link : CVE-2024-51741

CVE.ORG link : CVE-2024-51741

JSON object : View

Products Affected

redis

redis

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2024-51741", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2025-01-06T22:15:09.827", "references": [{"url": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2."}, {"lang": "es", "value": "Redis es una base de datos en memoria de c\u00f3digo abierto que persiste en el disco. Un usuario autenticado con privilegios suficientes puede crear un selector de ACL mal formado que, cuando se accede a \u00e9l, desencadena un p\u00e1nico del servidor y la consiguiente denegaci\u00f3n de servicio. El problema se solucion\u00f3 en Redis 7.2.7 y 7.4.2."}], "lastModified": "2025-09-05T14:25:29.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6712988E-3667-488C-9AD2-B49176BA362B", "versionEndExcluding": "7.2.7", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C650091-3AC4-4A82-99E8-265600DBD02E", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}