CVE-2024-31227

CVE-2024-31227

Name

CVE-2024-31227

Description

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh
MISC	https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a

Type

URI

CONFIRM

https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh

MISC

https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a

Match rules

CPE URI	Source package	Min version	Max version
	redis	>= 7.0.0	< 7.2.6
	redis	>= 7.3.0	< 7.4.1
`cpe:2.3:a:redis:redis:7.4.0:::::::*`	redis	== None	== 7.4.0

CPE URI

Source package

Min version

Max version

redis

>= 7.0.0

< 7.2.6

redis

>= 7.3.0

< 7.4.1

cpe:2.3:a:redis:redis:7.4.0:*:*:*:*:*:*:*

redis

== None

== 7.4.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
valkey	edge-main	7.2.7-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
valkey	3.22-main	7.2.7-r0	None	fixed
valkey	3.21-main	7.2.7-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
valkey	3.20-main	7.2.7-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
redis	edge-main	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.3-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.2-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.1-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.0-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.12-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.11-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.9-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.8-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.6-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.5-r2	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	7.2.5-r1	TBK <alpine@jjtc.eu>	fixed
redis	edge-community	7.2.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.4-r0	None	possibly vulnerable
redis	edge-community	7.2.2-r0	None	possibly vulnerable
redis	edge-community	7.2.1-r0	None	possibly vulnerable
redis	edge-community	7.0.12-r0	None	possibly vulnerable
redis	edge-community	7.0.8-r0	None	possibly vulnerable
redis	edge-community	7.0.6-r0	None	possibly vulnerable
redis	edge-community	7.0.5-r0	None	possibly vulnerable
redis	edge-community	7.0.4-r0	None	possibly vulnerable
redis	3.22-community	7.2.5-r1	None	fixed
redis	3.22-community	7.2.4-r0	None	possibly vulnerable
redis	3.22-community	7.2.2-r0	None	possibly vulnerable
redis	3.22-community	7.2.1-r0	None	possibly vulnerable
redis	3.22-community	7.0.12-r0	None	possibly vulnerable
redis	3.22-community	7.0.8-r0	None	possibly vulnerable
redis	3.22-community	7.0.6-r0	None	possibly vulnerable
redis	3.22-community	7.0.5-r0	None	possibly vulnerable
redis	3.22-community	7.0.4-r0	None	possibly vulnerable
redis	3.21-community	7.2.5-r1	None	fixed
redis	3.20-community	7.2.5-r1	TBK <alpine@jjtc.eu>	fixed
redis	3.19-main	7.2.4-r1	TBK <alpine@jjtc.eu>	fixed
redis	3.19-main	7.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.3-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.2-r0	None	possibly vulnerable
redis	3.19-main	7.2.1-r0	None	possibly vulnerable
redis	3.19-main	7.0.12-r0	None	possibly vulnerable
redis	3.19-main	7.0.8-r0	None	possibly vulnerable
redis	3.19-main	7.0.6-r0	None	possibly vulnerable
redis	3.19-main	7.0.5-r0	None	possibly vulnerable
redis	3.19-main	7.0.4-r0	None	possibly vulnerable
redis	3.18-main	7.0.15-r1	TBK <alpine@jjtc.eu>	fixed
redis	3.17-main	7.0.15-r1	TBK <alpine@jjtc.eu>	fixed
redict	edge-community	7.3.1-r0	fossdd <fossdd@pwned.life>	fixed
redict	3.22-community	7.3.1-r0	None	fixed
redict	3.21-community	7.3.1-r0	fossdd <fossdd@pwned.life>	fixed
redict	3.20-community	7.3.1-r0	fossdd <fossdd@pwned.life>	fixed

Source package

Branch

Version

Maintainer

Status

valkey

edge-main

7.2.7-r0

Jakub Jirutka <jakub@jirutka.cz>

fixed

valkey

3.22-main