366 matches found
CVE-2026-23631
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...
PT-2026-37086
Name of the Vulnerable Software and Affected Versions: redis-server versions prior to 8.6.3. Description: An authenticated attacker can exploit the master-replica synchronization mechanism in the built-in Lua scripting engine to trigger a use-after-free condition. This occurs on replicas where the...
Astra Linux - vulnerability in redis
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...
Astra Linux - vulnerability in redis
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote co...
Astra Linux - vulnerability in redis
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...
Astra Linux - vulnerability in redis
Redis is an open-source, in-memory database that persists data on disk. An authenticated user can use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. This issue exists in all versions of Redis that support L...
Astra Linux - vulnerability in redis
Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to read out-of-bounds data or cause the server to crash, resulting in a denial of service attack. This vulnerability exists in all...
Astra Linux - vulnerability in redis
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different Lua objects and potentially run their own code in the context of another user. The problem exists in all versions o...
UBUNTU-CVE-2026-24028
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
CVE-2026-27854
Summary of CVE-2026-27854: An attacker could trigger a use-after-free when parsing EDNS options via the DNSQuestion:getEDNSOptions method within custom Lua code used by dnsdist. This may occur when a crafted DNS query references a modified DNS packet version, potentially causing a crash and deni...
CVE-2026-24028 Out-of-bounds read when parsing DNS packets via Lua
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
CVE-2026-24028
CVE-2026-24028 describes an out-of-bounds read when parsing DNS packets via Lua: if custom Lua code uses newDNSPacketOverlay to parse DNS packets, a crafted DNS response can trigger a crash (DoS) or unauthorized memory access (potential information disclosure). The available documents do not spec...
RHEL 10 : valkey (RHSA-2026:5445)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5445 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, se...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006135)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006135 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006168)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006168 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to read...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006170)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006170 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to caus...
Exploit for Use After Free in Redis
🚨 CVE-2025-49844 — “RediShell” Critical Remote Code Execu...
[SECURITY] Fedora 44 Update: valkey-9.0.3-1.fc44
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2026-1471)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1471 advisory. Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response...
[SECURITY] Fedora 42 Update: valkey-8.0.7-1.fc42
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...