2317053 – (CVE-2024-31227) CVE-2024-31227 redis: Denial-of-service due to malformed ACL selectors in Redis

Bug 2317053 (CVE-2024-31227) - CVE-2024-31227 redis: Denial-of-service due to malformed ACL selectors in Redis

Summary: CVE-2024-31227 redis: Denial-of-service due to malformed ACL selectors in Redis

Keywords:
Status:	NEW
Alias:	CVE-2024-31227
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2317413 2317414
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-07 20:01 UTC by OSIDB Bzimport
Modified:	2024-12-05 21:41 UTC (History)
CC List:	30 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:10869	0	None	None	None	2024-12-05 21:41:05 UTC

Description OSIDB Bzimport 2024-10-07 20:01:21 UTC

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Comment 1 errata-xmlrpc 2024-12-05 21:41:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10869 https://access.redhat.com/errata/RHSA-2024:10869

Note You need to log in before you can comment on or make changes to this bug.

akostadi
amasferr
bdettelb
brking
cbartlet
chazlett
davidn
dmayorov
doconnor
gtanzill
haoli
hkataria
jcammara
jlledo
jmitchel
jneedle
kshier
mabashia
mjaros
mkudlej
mmakovy
pbraun
simaishi
smcdonal
stcannon
teagle
tfister
thavo
tjochec
yguenane