CVE-2024-51741: 
Redis vulnerability analysis and mitigation

Redis, an open-source in-memory database, was found to contain a vulnerability (CVE-2024-51741) that affects versions 7.0.0 and newer. The vulnerability allows an authenticated user with sufficient privileges to create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. This security flaw was discovered and reported by Axel Mierczuk (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.4 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-20 (Improper Input Validation). The attack requires local access, low attack complexity, and high privileges, but no user interaction. While the scope is unchanged and there is no impact on confidentiality or integrity, the vulnerability can have a high impact on availability (NVD).

When exploited, this vulnerability can cause a denial of service condition by triggering a server panic in Redis instances. This affects the availability of the Redis service, potentially disrupting applications that depend on Redis for data storage and caching (Security Online).

The vulnerability has been fixed in Redis versions 7.2.7 and 7.4.2. Users are strongly recommended to update their Redis installations to these patched versions to mitigate the risk (Ubuntu Security).