CVE-2024-51741 Overview
CVE-2024-51741 is a Denial of Service vulnerability affecting Redis, the popular open source in-memory database. An authenticated user with sufficient privileges can create a malformed ACL (Access Control List) selector which, when accessed, triggers a server panic and causes the Redis service to crash. This vulnerability represents an improper input validation flaw in Redis's ACL handling mechanism.
Critical Impact
Authenticated attackers with elevated privileges can crash Redis servers, causing service disruption and potential data availability issues in systems relying on Redis for caching or data storage.
Affected Products
- Redis 7.2.x versions prior to 7.2.7
- Redis 7.4.x versions prior to 7.4.2
Discovery Timeline
- 2025-01-06 - CVE-2024-51741 published to NVD
- 2025-09-05 - Last updated in NVD database
Technical Details for CVE-2024-51741
Vulnerability Analysis
This vulnerability stems from improper input validation (CWE-20) in Redis's Access Control List (ACL) selector processing. Redis ACLs provide a mechanism to control which commands and keys users can access. When a malformed ACL selector is crafted by an authenticated user with sufficient privileges, the server fails to properly validate the input before processing it.
The attack requires local access and high privileges, limiting the attack surface to authenticated administrators or users with ACL management capabilities. However, in environments where multiple users have administrative access or where privilege separation is not strictly enforced, this vulnerability poses a significant risk to service availability.
When the malformed ACL selector is subsequently accessed or evaluated by the Redis server, it triggers an unhandled condition that causes the server to panic. This results in an immediate crash of the Redis process, leading to denial of service for all connected clients and applications.
Root Cause
The root cause is improper input validation in Redis's ACL selector parsing logic. The server does not adequately validate the structure and content of ACL selectors during creation, allowing malformed configurations to be stored. When these malformed selectors are later processed during access control checks, the invalid data triggers a server panic condition.
Attack Vector
The attack vector is local, requiring an authenticated user with elevated privileges to exploit this vulnerability. The attacker must have permissions to create or modify ACL configurations within the Redis instance. The attack sequence involves:
- Authenticating to the Redis server with an account that has ACL management privileges
- Crafting a malformed ACL selector with invalid or unexpected data
- Creating or updating an ACL rule with the malformed selector
- Waiting for or triggering the server to access the malformed ACL entry
- The server panics upon processing the malformed data, causing a denial of service
Due to the nature of this vulnerability, technical exploitation details involve crafting specific malformed ACL selector syntax. For detailed technical information, refer to the Redis Security Advisory.
Detection Methods for CVE-2024-51741
Indicators of Compromise
- Unexpected Redis server crashes or restarts without apparent cause
- Unusual ACL modification activity from privileged accounts
- Redis log entries indicating panic conditions during ACL processing
- Repeated service restart events in monitoring systems
Detection Strategies
- Monitor Redis server logs for panic messages and unexpected termination events
- Implement alerting on Redis process crashes and automatic restart patterns
- Audit ACL modification commands (ACL SETUSER, ACL LOAD) in Redis command logs
- Review authentication logs for suspicious privilege usage patterns
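As an added example (not part of this advisory or the Redis project), the two checks from the list above run over constructed samples: flagging panic and crash markers in the Redis server log, and flagging ACL SETUSER/LOAD/DELUSER activity in MONITOR output that comes from a client address outside a trusted set. The marker strings are assumptions taken from the format of Redis's crash report; verify them against the version you run.

```python
import re

# Constructed sample data (not from a real incident). The log lines mimic the
# markers Redis prints from serverPanic() and its crash report ("Guru
# Meditation", "REDIS BUG REPORT START", "crashed by signal"); the MONITOR
# lines mimic redis-cli MONITOR output. Verify both against your version.
REDIS_LOG = """\
1234:M 06 Jan 2025 10:00:01.000 * Ready to accept connections tcp
1234:M 06 Jan 2025 10:05:42.118 # Guru Meditation: (constructed message) #file.c:0
1234:M 06 Jan 2025 10:05:42.120 # === REDIS BUG REPORT START: Cut & paste starting from here ===
"""
MONITOR_OUT = """\
1736157942.100000 [0 10.0.0.5:51234] "ACL" "SETUSER" "app_user" "on" ">pw" "~cache:*" "+get"
1736157942.105000 [0 10.0.0.5:51234] "GET" "cache:42"
1736157942.110000 [0 10.0.0.9:40001] "ACL" "LOAD"
1736157942.115000 [0 10.0.0.9:40001] "ACL" "setuser" "svc" "on" "+@all"
"""

PANIC_MARKERS = ("Guru Meditation", "REDIS BUG REPORT START", "crashed by signal")
MONITOR_LINE = re.compile(r'^(\d+\.\d+) \[(\d+) ([^\]]+)\] (.*)$')
ACL_MUTATORS = {"SETUSER", "DELUSER", "LOAD"}  # subcommands that change the live ACL table

def find_panic_lines(log_text):
    """Return (marker, line) for every log line carrying a panic/crash marker."""
    hits = []
    for line in log_text.splitlines():
        for marker in PANIC_MARKERS:
            if marker in line:
                hits.append((marker, line))
    return hits

def audit_acl_mutations(monitor_text, trusted_hosts):
    """Return every ACL-mutating command seen in MONITOR output; 'trusted' is False
    when the client address is not in trusted_hosts. MONITOR keeps the client's
    case, so the subcommand is upper-cased before matching."""
    findings = []
    for line in monitor_text.splitlines():
        m = MONITOR_LINE.match(line)
        if not m:
            continue
        args = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(4))
        if len(args) < 2 or args[0].upper() != "ACL" or args[1].upper() not in ACL_MUTATORS:
            continue
        host = m.group(3).rsplit(":", 1)[0]        # strip the client port
        findings.append({"ts": float(m.group(1)), "host": host, "sub": args[1].upper(),
                         "user": args[2] if len(args) > 2 else None,
                         "trusted": host in trusted_hosts})
    return findings
```

Feed the real server log and a captured MONITOR stream in place of the constructed strings; an untrusted ACL mutation shortly before a panic marker is the sequence the attack vector section describes.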
Monitoring Recommendations
- Enable Redis slow log and command logging to track ACL-related operations
- Implement process monitoring to detect unexpected Redis server terminations
- Set up availability monitoring for Redis endpoints with appropriate alerting thresholds
- Use SentinelOne to monitor for abnormal process behavior and crash patterns on systems running Redis
How to Mitigate CVE-2024-51741
Immediate Actions Required
- Upgrade Redis to version 7.2.7 or later if running the 7.2.x branch
- Upgrade Redis to version 7.4.2 or later if running the 7.4.x branch
- Review and restrict accounts with ACL management privileges to trusted administrators only
- Implement monitoring for Redis server stability and unexpected restarts
Patch Information
Redis has addressed this vulnerability in versions 7.2.7 and 7.4.2. The fix includes proper validation of ACL selector input to prevent malformed configurations from being created. Organizations should upgrade to these patched versions as soon as possible. For more details, see the Redis Security Advisory on GitHub.
Workarounds
- Restrict ACL management privileges to only trusted administrators who require this capability
- Implement network segmentation to limit access to Redis administrative interfaces
- Enable authentication and use strong credentials for all Redis connections
- Consider using Redis Sentinel or Cluster configurations for high availability to minimize impact of single-node failures
# Configuration example - Restrict ACL file permissions
chmod 600 /etc/redis/users.acl
chown redis:redis /etc/redis/users.acl
# Enable protected mode and require authentication
# Add to redis.conf:
protected-mode yes
requirepass your_strong_password_here
# Restrict which users can modify ACLs by creating limited privilege accounts
# redis-cli example:
# ACL SETUSER limited_user on >password ~cached:* +get +set -@admin -acl
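To check that the privilege restriction in the workaround list actually holds, here is an added example (not from the advisory or the Redis project) that audits a users.acl file and reports which users can run an ACL-mutating subcommand, either in their root permission set or inside any selector, since a selector is evaluated as its own permission set. The sample file is constructed, and the set of command categories that contain ACL is an assumption to confirm with `ACL CAT`.

```python
# Constructed users.acl content for this example (not a real deployment); a
# parenthesised group is an ACL selector, an independent permission set.
USERS_ACL = """\
user default on nopass ~* &* +@all
user app on >pw ~cache:* -@all +get +set
user ops on >pw ~* -@all +@admin -acl +info
user reporter on >pw ~* -@all +@read (~stats:* +@all)
user rotator on >pw -@all +acl|setuser
"""

ACL_CATEGORIES = {"admin", "dangerous", "slow"}  # assumed to contain ACL; check `ACL CAT admin`
MUTATING_SUBS = {"setuser", "deluser", "load"}
def _split_rules(tokens):
    """Yield (scope, rule): 'root' for plain rules, 'selector#n' inside '(...)'."""
    n, inside = 0, False
    for tok in tokens:
        if tok.startswith("("):
            n, inside, tok = n + 1, True, tok[1:]
        closing = inside and tok.endswith(")")
        tok = tok[:-1] if closing else tok
        if tok:
            yield ("selector#%d" % n if inside else "root"), tok.lower()
        inside = inside and not closing

def _apply(rule, st):
    """Update st = {'full': bool, 'subs': set} for one command-permission rule."""
    if rule in ("allcommands", "+@all"):
        st["full"] = True
    elif rule in ("nocommands", "-@all", "reset"):
        st["full"], st["subs"] = False, set()
    elif rule in ("+acl", "-acl") or (rule[:2] in ("+@", "-@") and rule[2:] in ACL_CATEGORIES):
        st["full"], st["subs"] = rule[0] == "+", set()
    elif rule[:5] in ("+acl|", "-acl|"):           # subcommand-level grant/revoke
        (st["subs"].add if rule[0] == "+" else st["subs"].discard)(rule[5:])

def can_mutate_acl(rules):
    """Scopes in which one user's rules allow an ACL-mutating subcommand (later rules win)."""
    states = {}
    for scope, rule in _split_rules(rules):
        _apply(rule, states.setdefault(scope, {"full": False, "subs": set()}))
    return sorted(s for s, st in states.items() if st["full"] or st["subs"] & MUTATING_SUBS)

def audit_acl_file(text):
    """Map each user to the scopes that can mutate ACLs; an empty list is clean."""
    report = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "user":
            report[parts[1]] = can_mutate_acl(parts[2:])
    return report
```

Note that `reporter` looks read-only at the root level but is flagged through its selector, which is exactly the kind of grant a root-only review misses.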
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

