CVE-2024-51741

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-51741
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51741.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-51741
Aliases
Downstream
Related
Published
2025-01-06T21:20:19.772Z
Modified
2025-12-05T07:18:55.030433Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Redis allows denial-of-service due to malformed ACL selectors
Details

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.

Database specific 
{
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/51xxx/CVE-2024-51741.json"
}
References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc
Fixed
ba181057223b04aba580a01b1b36662430aea4a0
Database specific 
{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.2.7"
        }
    ]
}
Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
c9d29f6a918c335bc1778d9f68e521c1bbb36a0f
Fixed
a0a6f23d997b024689ba157916837f493a593a34
Database specific 
{
    "versions": [
        {
            "introduced": "7.4.0"
        },
        {
            "fixed": "7.4.2"
        }
    ]
}

Affected versions

7.*

7.4.0
7.4.1