CVE-2024-51741
📋 TL;DR
An authenticated attacker with sufficient privileges can create a malformed ACL selector in Redis that triggers a server panic when accessed, causing a denial of service. This affects Redis instances where authenticated users have ACL modification permissions. The vulnerability requires authentication and specific privileges to exploit.
💻 Affected Systems
- Redis
📦 What is this software?
Redis by Redis
⚠️ Risk & Real-World Impact
Worst Case
Complete Redis service crash leading to denial of service for all clients, requiring manual restart and potentially causing data loss if persistence is not properly configured.
Likely Case
Targeted DoS attack against specific Redis instances by authenticated malicious users, causing temporary service disruption until restart.
If Mitigated
Minimal impact if proper ACL restrictions are in place and users don't have unnecessary ACL modification privileges.
🎯 Exploit Status
Requires authenticated access with ACL modification privileges. The advisory provides technical details but no public exploit code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Redis 7.2.7 or 7.4.2
Vendor Advisory: https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9
Restart Required: Yes
Instructions:
1. Stop the Redis service.
2. Back up Redis data and configuration.
3. Upgrade Redis to version 7.2.7 or 7.4.2 using your package manager or from source.
4. Restart the Redis service.
5. Verify that the new version is running.
🔧 Temporary Workarounds
Restrict ACL privileges
Limit ACL modification privileges to only the administrative users that need them
redis-cli ACL SETUSER username -@all +@read +@write -ACL
Disable ACL if not needed
If ACL functionality is not required, disable it entirely
# Remove ACL configuration from redis.conf or set ACLFILE to empty
🧯 If You Can't Patch
- Implement strict network access controls to limit Redis access to trusted sources only
- Apply principle of least privilege to Redis user accounts and remove unnecessary ACL modification permissions
🔍 How to Verify
Check if Vulnerable:
Check the Redis version with 'redis-cli --version' or 'redis-server --version'. If the version is below 7.2.7 (on the 7.2.x line) or below 7.4.2 (on the 7.4.x line) and ACL is enabled, the system is vulnerable.
Check Version:
redis-cli --version
Verify Fix Applied:
After upgrade, verify version is 7.2.7 or higher (for 7.2.x) or 7.4.2 or higher (for 7.4.x) using 'redis-cli --version'.
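The version check above can be scripted so it is applied the same way on every host. The following POSIX shell functions are an added example, not part of the advisory or of the Redis project: they pull the X.Y.Z version out of the banner printed by redis-cli --version or redis-server --version and classify it against the fixed versions the advisory names (7.2.7 and 7.4.2). The assumption is that only the 7.2.x and 7.4.x lines are assessed; any other line is reported as "unknown" so that the operator consults the advisory instead of trusting the script.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Redis version string
# against the fixed versions 7.2.7 and 7.4.2.
# Assumption: only the 7.2.x and 7.4.x lines are assessed; anything else
# is reported as "unknown".

# Pull the first dotted X.Y.Z out of a version banner. Works for both
#   "redis-cli 7.2.6"
#   "Redis server v=7.2.6 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 ..."
# Taking the first match avoids picking up the jemalloc version.
redis_version_from_banner() {
    printf '%s\n' "$1" \
        | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' \
        | head -n 1
}

# Print one of: fixed | vulnerable | unknown
redis_cve_2024_51741_status() {
    ver=$1
    # Anything that is not X.Y.Z cannot be classified.
    case "$ver" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        7.2) if [ "$patch" -ge 7 ]; then echo fixed; else echo vulnerable; fi ;;
        7.4) if [ "$patch" -ge 2 ]; then echo fixed; else echo vulnerable; fi ;;
        *)   echo unknown ;;   # line not covered by the advisory
    esac
}

# Query the locally installed server binary, if there is one.
check_local_redis() {
    if ! command -v redis-server >/dev/null 2>&1; then
        echo "redis-server not found in PATH" >&2
        return 1
    fi
    banner=$(redis-server --version)
    ver=$(redis_version_from_banner "$banner")
    echo "redis-server $ver: $(redis_cve_2024_51741_status "$ver")"
}
```

Run check_local_redis on each host; a result of "unknown" (for example a 7.0.x server, which the advisory does not mention) is a prompt to read the vendor advisory, not a clean bill of health.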
📡 Detection & Monitoring
Log Indicators:
- Redis crash logs with panic messages
- Unexpected Redis service restarts
- ACL modification attempts followed by service disruption
Network Indicators:
- Sudden drop in Redis connections
- Failed Redis authentication attempts followed by service crash
SIEM Query:
source="redis.log" AND ("panic" OR "crash" OR "segmentation fault")
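The log indicators above can be checked directly on a host's Redis log without a SIEM. The shell functions below are an added example, not part of the advisory or of the Redis project. They apply the advisory's SIEM terms ("panic", "crash", "segmentation fault") and also match the two strings Redis itself writes from serverPanic(), "!!! Software Failure" and "Guru Meditation", which contain neither "panic" nor "crash" and would be missed by the query as written. They then correlate each run of crash lines with the next "Ready to accept connections" startup banner, which is the second indicator the advisory lists. The log lines in redis_sample_log are constructed for this example and only modelled on the Redis log format; the panic message and file reference in them are placeholders.

```shell
#!/bin/sh
# Added example (not from the advisory): scan a Redis log for the crash
# indicators the advisory lists and correlate them with restarts.

# The advisory's SIEM terms plus the two strings Redis logs from
# serverPanic(), which contain neither "panic" nor "crash".
CRASH_PATTERN='panic|crash|segmentation fault|software failure|guru meditation'

# Number of individual log lines matching the crash pattern (stdin).
redis_crash_lines() {
    grep -i -c -E "$CRASH_PATTERN"
}

# Prints "<events> <restarts>": a run of consecutive crash lines counts
# as one event; an event followed later by the startup banner counts as
# a restart (the "unexpected restart" indicator). Reads stdin.
redis_crash_events() {
    awk -v pat="$CRASH_PATTERN" '
        { line = tolower($0) }
        line ~ pat { if (!pending) events++; pending = 1; next }
        pending && line ~ /ready to accept connections/ { restarts++; pending = 0 }
        END { printf "%d %d\n", events, restarts }
    '
}

# Constructed sample log, modelled on the Redis log format. Two crash
# events: the first is followed by a restart, the second is not.
redis_sample_log() {
    cat <<'EOF'
1:M 12 Nov 2024 10:00:01.000 * Ready to accept connections tcp
1:M 12 Nov 2024 10:05:42.113 # !!! Software Failure. Press left mouse button to continue
1:M 12 Nov 2024 10:05:42.113 # Guru Meditation: <constructed panic message> #<file>:<line>
1:M 12 Nov 2024 10:05:42.120 # Redis 7.2.6 crashed by signal: 6, si_code: -6
1:M 12 Nov 2024 10:05:50.000 * Ready to accept connections tcp
1:M 12 Nov 2024 11:00:00.000 * Background saving terminated with success
1:M 12 Nov 2024 11:30:00.000 # Redis 7.2.6 crashed by signal: 11, si_code: 1
EOF
}

# Demo on the constructed sample; replace with: redis_crash_events < /var/log/redis/redis-server.log
echo "crash lines: $(redis_sample_log | redis_crash_lines)"
echo "events restarts: $(redis_sample_log | redis_crash_events)"
```

On the sample this reports 4 crash lines and "2 1": two crash events, one of which was followed by a restart. Pair the counts with ACL SETUSER activity from the client side (the third log indicator), since Redis does not log ACL changes on its own.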