CLSA-2026-1778616298

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1778616298

Upstream

Published

2026-05-12T20:05:04Z

Modified

2026-06-01T00:32:52.227501845Z

Summary

redis: Fix of 2 CVEs

Details

CVE-2026-23631: use-after-free in readSyncBulkPayload when a full resync happens while a timed-out script is still running on the replica
CVE-2026-25243: heap corruption and out-of-bounds reads in the RESTORE command deserialization path (rdb.c, sds.c, zipmap.c)

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.20-1.el9_6.tuxcare.els2

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778616298.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.20-1.el9_6.tuxcare.els2

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778616298.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.20-1.el9_6.tuxcare.els2

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778616298.json"