CVE-2024-51741 — Improper Input Validation in Redis
Severity
4.4MEDIUMNVD
OSV9.8OSV6.5
EPSS
0.5%
top 32.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 6
Latest updateMar 19
Description
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6
Affected Packages11 packages
🔴Vulnerability Details
3📋Vendor Advisories
5Debian▶
CVE-2024-51741: redict - Redis is an open source, in-memory database that persists on disk. An authentica...↗2024