Bug 2336007 (CVE-2024-51741) - CVE-2024-51741 redis: Redis allows denial-of-service due to malformed ACL selectors
Summary: CVE-2024-51741 redis: Redis allows denial-of-service due to malformed ACL sel...
Keywords:
Status: NEW
Alias: CVE-2024-51741
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2336072
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-01-06 22:01 UTC by OSIDB Bzimport
Modified: 2025-01-27 01:35 UTC (History)
63 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:0692 0 None None None 2025-01-27 01:35:21 UTC

Description OSIDB Bzimport 2025-01-06 22:01:15 UTC 
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
Comment 2 errata-xmlrpc 2025-01-27 01:35:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:0692 https://access.redhat.com/errata/RHSA-2025:0692
Note You need to log in before you can comment on or make changes to this bug.