vulnerability
Red Hat: CVE-2024-31227: redis: Denial-of-service due to malformed ACL selectors in Redis (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:M/C:N/I:N/A:C) | Oct 7, 2024 | Feb 10, 2025 | Jun 17, 2026 |
Severity
4
CVSS
(AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published
Oct 7, 2024
Added
Feb 10, 2025
Modified
Jun 17, 2026
Description
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solutions
redhat-upgrade-redisredhat-upgrade-redis-debuginforedhat-upgrade-redis-debugsourceredhat-upgrade-redis-develredhat-upgrade-redis-doc
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.