{
  "threat_severity" : "Moderate",
  "public_date" : "2025-01-06T21:20:19Z",
  "bugzilla" : {
    "description" : "redis: Redis allows denial-of-service due to malformed ACL selectors",
    "id" : "2336007",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2336007"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.", "A flaw was found in the Redis server. An authenticated attacker with sufficient privileges can create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service." ],
  "statement" : "This vulnerability affects Redis versions 7.0.0 or newer.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-01-27T00:00:00Z",
    "advisory" : "RHSA-2025:0692",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "redis:7-9050020250115104757.9"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Not affected",
    "package_name" : "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp-backend-container",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp-system-container",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 1.2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-tower",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform"
  }, {
    "product_name" : "Red Hat Discovery 1",
    "fix_state" : "Not affected",
    "package_name" : "discovery-server-container",
    "cpe" : "cpe:/a:redhat:discovery:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "redis:6/redis",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "redis",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-azure-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/instructlab-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Not affected",
    "package_name" : "io.hawt-hawtio-integration",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Not affected",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-51741\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-51741\nhttps://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9" ],
  "name" : "CVE-2024-51741",
  "csaw" : false
}