Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5856 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5856-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     January 30, 2025                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : redis     CVE ID         : CVE-2024-46981 CVE-2024-51741

    Two security issues were discovered in Redis, a persistent key-value     database, which could result in the execution of arbitrary code or     denial of service.

    For the stable distribution (bookworm), these problems have been fixed     in version 5:7.0.15-1~deb12u3.

    We recommend that you upgrade your redis packages.

    For the detailed security status of redis please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/redis

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:0692 advisory.

    * redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)
      * redis: Redis allows denial-of-service due to malformed ACL selectors (CVE-2024-51741)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0692 advisory.

    Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can     contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data     set. You can persist it either by dumping the data set to disk every once in a while, or by appending each     command to a log.

    Security Fix(es):

    * redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

    * redis: Redis allows denial-of-service due to malformed ACL selectors (CVE-2024-51741)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-0692 advisory.

    [7.2.7-1]
    - rebase to 7.2.7 for CVE-2024-46981 and CVE-2024-51741

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0160-1 advisory.

    - CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed.
    (bsc#1235386)
    - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading     to remote code execution. (bsc#1235387)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0163-1 advisory.

    - CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed.
    (bsc#1235386)
    - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading     to remote code execution. (bsc#1235387)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0161-1 advisory.

    - CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed.
    (bsc#1235386)
    - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading     to remote code execution. (bsc#1235387)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d6c0319427 advisory.

    update to 7.3.2       fixes CVE-2024-46981       fixes CVE-2024-51741       fixes CVE-2024-31449       fixes CVE-2024-31227       fixes CVE-2024-31228

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-9eccdb2c3e advisory.

    update to 8.0.2     fixes CVE-2024-46981 - Lua script commands may lead to remote code execution     fixes CVE-2024-51741 - Denial-of-service due to malformed ACL selectors


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-282df7372b advisory.

    update to 7.3.2       fixes CVE-2024-46981       fixes CVE-2024-51741       fixes CVE-2024-31449       fixes CVE-2024-31227       fixes CVE-2024-31228

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-72fd0442cc advisory.

    **Redis 7.2.7**    Released Mon 6 Jan 2025 12:30:00 IDT

    Upgrade urgency SECURITY: See security fixes below.

    Security fixes

    * (**CVE-2024-46981**) Lua script commands may lead to remote code execution
    * (**CVE-2024-51741**) Denial-of-service due to malformed ACL selectors

    Bug fixes

    * 13380 Possible crash due to OOM panic on invalid command
    * 13338 Streams: `XINFO` lag field is wrong when tombstone is after the `last_id` of the consume group
    * 13473 Streams: `XTRIM` does not update the maximal tombstone, leading to an incorrect lag
    * 13311 Cluster: crash due to unblocking client during slot migration
    * 13443 Cluster: crash when loading cluster config
    * 13422 Cluster: `CLUSTER SHARDS` returns empty array
    * 13465 Cluster: incompatibility with older node versions




Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4d79fd1a-cc93-11ef-abed-08002784c58d advisory.

    Redis core team reports:

                An authenticated with sufficient privileges may create a                 malformed ACL selector which, when accessed, triggers a                 server panic and subsequent denial of service.The problem                 exists in Redis 7.0.0 or newer.


Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b332afed45 advisory.

    update to 8.0.2     fixes CVE-2024-46981 - Lua script commands may lead to remote code execution     fixes CVE-2024-51741 - Denial-of-service due to malformed ACL selectors


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
214834	Debian dsa-5856 : redis - security update	Nessus	Debian Local Security Checks	high
214767	AlmaLinux 9 : redis:7 (ALSA-2025:0692)	Nessus	Alma Linux Local Security Checks	high
214700	RHEL 9 : redis:7 (RHSA-2025:0692)	Nessus	Red Hat Local Security Checks	high
214666	Oracle Linux 9 : redis:7 (ELSA-2025-0692)	Nessus	Oracle Linux Local Security Checks	high
214368	SUSE SLES15 Security Update : redis7 (SUSE-SU-2025:0160-1)	Nessus	SuSE Local Security Checks	high
214364	SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2025:0163-1)	Nessus	SuSE Local Security Checks	high
214358	SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2025:0161-1)	Nessus	SuSE Local Security Checks	high
214301	Fedora 41 : redict (2025-d6c0319427)	Nessus	Fedora Local Security Checks	high
214299	Fedora 40 : valkey (2025-9eccdb2c3e)	Nessus	Fedora Local Security Checks	high
214298	Fedora 40 : redict (2025-282df7372b)	Nessus	Fedora Local Security Checks	high
214204	Fedora 40 : redis (2025-72fd0442cc)	Nessus	Fedora Local Security Checks	high
213680	FreeBSD : redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors (4d79fd1a-cc93-11ef-abed-08002784c58d)	Nessus	FreeBSD Local Security Checks	medium
213612	Fedora 41 : valkey (2025-b332afed45)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2024-51741

medium

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

medium

high