一、漏洞信息

漏洞编号：[CVE-2024-31227](https://nvd.nist.gov/vuln/detail/CVE-2024-31227)

漏洞归属组件：[redis5](https://gitee.com/src-openeuler/redis5)

漏洞归属的版本：5.0.14,5.0.7

CVSS V3.0分值：

BaseScore：4.4 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

漏洞公开时间：2024-10-08 04:15:05

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-31227

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | |

| security-advisories.github.com | https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh | |

一、漏洞信息

漏洞编号：[CVE-2024-31227](https://nvd.nist.gov/vuln/detail/CVE-2024-31227)

漏洞归属组件：[redis5](https://gitee.com/src-openeuler/redis5)

漏洞归属的版本：5.0.14,5.0.7

CVSS V3.0分值：

BaseScore：4.4 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

漏洞公开时间：2024-10-08 04:15:05

漏洞创建时间：2024-10-09 00:38:36

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-31227

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | |

| security-advisories.github.com | https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh | |

| suse_bugzilla | https://smelt.suse.de/incident/35909/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| suse_bugzilla | https://smelt.suse.de/incident/35902/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| suse_bugzilla | https://smelt.suse.de/incident/35905/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-31227 |

一、漏洞信息

漏洞编号：[CVE-2024-31227](https://nvd.nist.gov/vuln/detail/CVE-2024-31227)

漏洞归属组件：[redis5](https://gitee.com/src-openeuler/redis5)

漏洞归属的版本：5.0.14,5.0.7

CVSS V3.0分值：

BaseScore：4.4 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

漏洞公开时间：2024-10-08 04:15:05

漏洞创建时间：2024-10-09 00:38:36

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-31227

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | |

| security-advisories.github.com | https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh | |

| suse_bugzilla | https://smelt.suse.de/incident/35909/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| suse_bugzilla | https://smelt.suse.de/incident/35902/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| suse_bugzilla | https://smelt.suse.de/incident/35905/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-31227 |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2024-31227 | https://explore.alas.aws.amazon.com/CVE-2024-31227.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31227 | https://explore.alas.aws.amazon.com/CVE-2024-31227.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | | security-advisories.github.com |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

4.4

Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(5.0.14):

2.openEuler-20.03-LTS-SP4(5.0.14):

3.openEuler-22.03-LTS-SP1(5.0.7):

4.openEuler-22.03-LTS-SP3(5.0.7):

5.openEuler-22.03-LTS-SP4(5.0.7):

6.openEuler-24.03-LTS(5.0.14):

7.openEuler-24.03-LTS-Next(5.0.14):

修复是否涉及abi变化(是/否)：

1.master(5.0.14):

2.openEuler-20.03-LTS-SP4(5.0.14):

3.openEuler-22.03-LTS-SP1(5.0.7):

4.openEuler-22.03-LTS-SP3(5.0.7):

5.openEuler-22.03-LTS-SP4(5.0.7):

6.openEuler-24.03-LTS(5.0.14):

7.openEuler-24.03-LTS-Next(5.0.14):

一、漏洞信息

漏洞编号：[CVE-2024-31227](https://nvd.nist.gov/vuln/detail/CVE-2024-31227)

漏洞归属组件：[redis5](https://gitee.com/src-openeuler/redis5)

漏洞归属的版本：5.0.14,5.0.7

CVSS V3.0分值：

BaseScore：4.4 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

漏洞公开时间：2024-10-08 04:15:05

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-31227

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | |

| security-advisories.github.com | https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh | |

| suse_bugzilla | https://smelt.suse.de/incident/35909/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| suse_bugzilla | https://smelt.suse.de/incident/35902/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| suse_bugzilla | https://smelt.suse.de/incident/35905/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-31227 |

| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2024-31227 | https://explore.alas.aws.amazon.com/CVE-2024-31227.html |

| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31227 | https://explore.alas.aws.amazon.com/CVE-2024-31227.html |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| | | https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | | security-advisories.github.com |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

4.4

Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(5.0.14):

2.openEuler-20.03-LTS-SP4(5.0.14):

3.openEuler-22.03-LTS-SP1(5.0.7):

4.openEuler-22.03-LTS-SP3(5.0.7):

5.openEuler-22.03-LTS-SP4(5.0.7):

6.openEuler-24.03-LTS(5.0.14):

7.openEuler-24.03-LTS-Next(5.0.14):

修复是否涉及abi变化(是/否)：

1.master(5.0.14):

2.openEuler-20.03-LTS-SP4(5.0.14):

3.openEuler-22.03-LTS-SP1(5.0.7):

4.openEuler-22.03-LTS-SP3(5.0.7):

5.openEuler-22.03-LTS-SP4(5.0.7):

6.openEuler-24.03-LTS(5.0.14):

7.openEuler-24.03-LTS-Next(5.0.14):

一、漏洞信息

漏洞编号：[CVE-2024-31227](https://nvd.nist.gov/vuln/detail/CVE-2024-31227)

漏洞归属组件：[redis5](https://gitee.com/src-openeuler/redis5)

漏洞归属的版本：5.0.14,5.0.7

CVSS V3.0分值：

BaseScore：4.4 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

漏洞公开时间：2024-10-08 04:15:05

漏洞创建时间：2024-10-08 16:38:36

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-31227

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security-advisories.github.com | https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | |

| security-advisories.github.com | https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh | |

| suse_bugzilla | https://smelt.suse.de/incident/35909/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| suse_bugzilla | https://smelt.suse.de/incident/35902/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| suse_bugzilla | https://smelt.suse.de/incident/35905/ | https://bugzilla.suse.com/show_bug.cgi?id=1231266 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-31227 |