Home > Vulnerability Database > CVE-2024-31227

Mend.io Vulnerability Database

CVE-2024-31227

Good to know:

Date: October 7, 2024

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: C#

Severity Score

4.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31227

Url: https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a

Url: https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh

Url: https://www.mend.io/vulnerability-database/CVE-2024-31227

Severity Score

4.4

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 7.2.6,7.4.1

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31227

Good to know:

Date: October 7, 2024

Language: C#

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?