2 matches found
CLSA-2026-1779351595 Fix CVE(s): CVE-2026-23631
SECURITY UPDATE: Use-after-free in readSyncBulkPayload during fullsync - debian/patches/0015-CVE-2026-23631.patch: guard readSyncBulkPayload in src/replication.c with an early return when server.luatimedout is set, so a fullsync cannot free the Lua scripting engine while a timed-out script is sti...
CLSA-2026-1778616298 redis: Fix of 2 CVEs
CVE-2026-23631: use-after-free in readSyncBulkPayload when a full resync happens while a timed-out script is still running on the replica - CVE-2026-25243: heap corruption and out-of-bounds reads in the RESTORE command deserialization path rdb.c, sds.c, zipmap.c...