| Name | CVE-2024-51741 |
| Description | Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1092370, 1092371, 1092372 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| redict (PTS) | trixie | 7.3.1+ds-1 | vulnerable |
| sid | 7.3.2+ds-1 | fixed | |
| redis (PTS) | bullseye | 5:6.0.16-1+deb11u2 | vulnerable |
| bullseye (security) | 5:6.0.16-1+deb11u4 | vulnerable | |
| bookworm, bookworm (security) | 5:7.0.15-1~deb12u1 | vulnerable | |
| sid, trixie | 5:7.0.15-2 | vulnerable | |
| valkey (PTS) | sid, trixie | 8.0.1+dfsg1-1 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| redict | source | (unstable) | 7.3.2+ds-1 | 1092372 | ||
| redis | source | (unstable) | (unfixed) | 1092370 | ||
| valkey | source | (unstable) | (unfixed) | 1092371 |
https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9
https://github.com/redis/redis/commit/15e212bf69de28d2b4585aa79cc2a40f49e4a94d (7.2.7)
https://codeberg.org/redict/redict/issues/60
https://codeberg.org/redict/redict/commit/ba5dcb3b161e357de95ec7aa4ab03688559e7222
https://github.com/valkey-io/valkey/commit/7977c55ac9bea7d1443c32ef5ec020767c086d3a