Denial of Service Vulnerability in Redis Database
CVE-2024-31227
Currently unrated
Summary
An authenticated user with adequate privileges can create a malformed Access Control List (ACL) selector in Redis that causes the server to panic. The panic results in a denial of service, as the server becomes unresponsive. The vulnerability is present in Redis versions prior to 7.2.6 and 7.4.1. Users of affected versions should upgrade to the latest versions to mitigate the vulnerability. There are currently no workarounds for this issue.
Timeline
Vulnerability published