{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-51741", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-10-31T14:12:45.789Z", "datePublished": "2025-01-06T21:20:19.772Z", "dateUpdated": "2025-01-06T21:39:28.426Z"}, "containers": {"cna": {"title": "Redis allows denial-of-service due to malformed ACL selectors", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": ">= 7.0.0, < 7.2.7", "status": "affected"}, {"version": ">= 7.4.0, < 7.4.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-06T21:20:19.772Z"}, "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2."}], "source": {"advisory": "GHSA-prpq-rh5h-46g9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-06T21:38:56.131035Z", "id": "CVE-2024-51741", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:39:28.426Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-51741", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-06T21:38:56.131035Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:39:22.120Z"}}], "cna": {"title": "Redis allows denial-of-service due to malformed ACL selectors", "source": {"advisory": "GHSA-prpq-rh5h-46g9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.2.7"}, {"status": "affected", "version": ">= 7.4.0, < 7.4.2"}]}], "references": [{"url": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9", "name": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-06T21:20:19.772Z"}}}, "cveMetadata": {"cveId": "CVE-2024-51741", "state": "PUBLISHED", "dateUpdated": "2025-01-06T21:39:28.426Z", "dateReserved": "2024-10-31T14:12:45.789Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-01-06T21:20:19.772Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "6712988E-3667-488C-9AD2-B49176BA362B", "versionEndExcluding": "7.2.7", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C650091-3AC4-4A82-99E8-265600DBD02E", "versionEndExcluding": "7.4.2", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2."}, {"lang": "es", "value": "Redis es una base de datos en memoria de c\u00f3digo abierto que persiste en el disco. Un usuario autenticado con privilegios suficientes puede crear un selector de ACL mal formado que, cuando se accede a \u00e9l, desencadena un p\u00e1nico del servidor y la consiguiente denegaci\u00f3n de servicio. El problema se solucion\u00f3 en Redis 7.2.7 y 7.4.2."}], "id": "CVE-2024-51741", "lastModified": "2025-09-05T14:25:29.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-01-06T22:15:09.827", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0692", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "redis:7-9050020250115104757.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-27T00:00:00Z"}], "bugzilla": {"description": "redis: Redis allows denial-of-service due to malformed ACL selectors", "id": "2336007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336007"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.", "A flaw was found in the Redis server. An authenticated attacker with sufficient privileges can create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service."], "name": "CVE-2024-51741", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Not affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:discovery:1", "fix_state": "Not affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "redis:6/redis", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "io.hawt-hawtio-integration", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2025-01-06T21:20:19Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-51741\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-51741\nhttps://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9"], "statement": "This vulnerability affects Redis versions 7.0.0 or newer.", "threat_severity": "Moderate"}