CLSA-2026-1779351595

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779351595

Upstream

Published

2026-05-21T09:28:51Z

Modified

2026-06-04T09:45:31.229172530Z

Summary

Fix CVE(s): CVE-2026-23631

Details

SECURITY UPDATE: Use-after-free in readSyncBulkPayload during fullsync
- debian/patches/0015-CVE-2026-23631.patch: guard readSyncBulkPayload in src/replication.c with an early return when server.luatimedout is set, so a fullsync cannot free the Lua scripting engine while a timed-out script is still running on the replica. Backport of upstream redis commit 80c2b5a0a (7.2 branch), adapted to 5.0 by using server.luatimedout in place of isInsideYieldingLongCommand().
- CVE-2026-23631

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:5.0.14-1+deb10u5+tuxcare.els3

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779351595.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:5.0.14-1+deb10u5+tuxcare.els3

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779351595.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:5.0.14-1+deb10u5+tuxcare.els3

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779351595.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:5.0.14-1+deb10u5+tuxcare.els3

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779351595.json"