CVE-2024-31227

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-31227
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31227.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31227
Aliases
Downstream
Related
Published
2024-10-07T19:51:04.520Z
Modified
2026-03-03T02:52:44.987729Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial-of-service due to malformed ACL selectors in Redis
Details

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific 
{
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31227.json"
}
References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b351d5a3210e61cc3b22ba38a723d6da8f3c298a
Introduced
d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc
Fixed
b351d5a3210e61cc3b22ba38a723d6da8f3c298a

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31227.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "40661584271837133427091237980144603108",
            "length": 4281.0
        },
        "source": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",
        "signature_type": "Function",
        "id": "CVE-2024-31227-54f6e5e1",
        "target": {
            "file": "src/acl.c",
            "function": "ACLSetSelector"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "122073505150330779881925889376104048481",
                "20546548576662628414487098384772441091",
                "12194845935100251552104546068211565647",
                "96821037693610244447265708658612769828"
            ]
        },
        "source": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",
        "signature_type": "Line",
        "id": "CVE-2024-31227-f772918c",
        "target": {
            "file": "src/acl.c"
        }
    }
]