166 matches found
Astra Linux – Vulnerability in Redis
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this issue was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have any safety guarantees related to...
redis: Remote code execution via use-after-free in Lua scripting
A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...
redis: Remote code execution via use-after-free in Lua scripting
A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...
redis: Remote code execution via use-after-free in Lua scripting
A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...
redis: Remote code execution via use-after-free in Lua scripting
A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...
SUSE SLES15 Security Update : redis7 (SUSE-SU-2026:2097-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2097-1 advisory. This update for redis7 fixes the following issues - CVE-2026-23631: Lua use-after-free via the master-replica synchronization...
SUSE SLES15 Security Update : redis7 (SUSE-SU-2026:2100-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2100-1 advisory. This update for redis7 fixes the following issues - CVE-2026-23631: Lua use-after-free via the master-replica synchronization...
SUSE SLES15 Security Update : redis (SUSE-SU-2026:2099-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2099-1 advisory. This update for redis fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code...
SUSE-SU-2026:2100-1 Security update for redis7
This update for redis7 fixes the following issues - CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. - CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialized payload may lead to...
Security update for redis
This update for redis fixes the following issues CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243:...
SUSE-SU-2026:2099-1 Security update for redis
This update for redis fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. - CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. -...
Security update for redis7
This update for redis7 fixes the following issues CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialized payload may lead to remot...
Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2026-1748)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1748 advisory. Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing ...
CVE-2026-23631
A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...
Security update for valkey
This update for valkey fixes the following issues CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243:...
SUSE-SU-2026:1950-1 Security update for valkey
This update for valkey fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. - CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. -...
Security update for valkey
This update for valkey fixes the following issues CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243:...
SUSE-SU-2026:1949-1 Security update for valkey
This update for valkey fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. - CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. -...
OESA-2026-2237 redis security update
Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: When a blocked client is evicted while re-executing a blocked command, an authenticated user may trigger a use-after-free and...
BIT-VALKEY-2026-23631 redis-server Lua use-after-free may allow remote code execution
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...