Suricata < 7.0.16 Denial of Service Vulnerability

The version of OISF Suricata installed on the remote host is prior to 7.0.16. It is, therefore, affected by a vulnerability: - The Lua TLS certificate information helper could dereference NULL certificate fields when a Lua script requested certificate information for TLS traffic where some...

Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2026-1748)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1748 advisory. Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing ...

CVE-2026-23631

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to cause an integer overflow, potentially leading to remote code execution. This issue exists in all versions of Redis that support...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. In affected versions, specially crafted Lua scripts executed in Redis can cause the heap-based Lua stack to overflow, due to incomplete checks for this condition. This can lead to heap corruption and potentially remote code...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, triggering a use-after-free and potentially leading to remote code execution. This issue exists...

Astra Linux - уязвимость в redis

Redis is an in-memory database that persists data on disk. By exploiting vulnerabilities in the Lua script execution environment, an attacker with access to Redis prior to versions 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. T...

Astra Linux - уязвимость в redis

Redis is an in-memory database that persists data on disk. Prior to versions 6.2.7 and 7.0.0, an attacker who attempted to load a specially crafted Lua script could cause a NULL pointer dereference, resulting in a crash of the redis-server process. This issue was fixed in Redis versions 7.0.0 and...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to manipulate various LUA objects and potentially execute their own code in the context of another user. This vulnerability exists i...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to read out-of-bounds data or cause the server to crash, resulting in a denial of service attack. This vulnerability exists in all...

[SECURITY] Fedora 42 Update: valkey-8.0.9-1.fc42

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 43 Update: valkey-8.1.7-1.fc43

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] [DSA 6279-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected] https://www.debian.org/security/ Aron Xu May 17, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

TencentOS Server 4: redis (TSSA-2026:0218)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0218 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Unity Linux 20.1070e Security Update: redis6 (UTSA-2026-017741)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017741 advisory. Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua...

BIT-VALKEY-2026-23631 redis-server Lua use-after-free may allow remote code execution

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

BIT-KEYDB-2026-23631 redis-server Lua use-after-free may allow remote code execution

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

SUSE CVE-2026-23631

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

PT-2026-38483

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

Linux Distros Unpatched Vulnerability : CVE-2026-23631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica...