OESA-2026-2237
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2237
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2237.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-2237
- Upstream
- Published
- 2026-05-09T12:32:46Z
- Modified
- 2026-05-09T12:48:26.674501Z
- Summary
- redis security update
- Details
-
Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets.
Security Fix(es):
When a blocked client is evicted while re-executing a blocked command, an authenticated user may trigger a use-after-free and potentially lead to remote code execution.
The problem exists in Redis
7.2or newer.(CVE-2026-23479)An authenticated user may exploit the synchronization mechanism of the master-replica and trigger a use-after-free vulnerability, potentially leading to remote code execution. The bug affects only replicas that are configured, or may be configured with
replica-read-onlydisabled, and exists in all versions of Redis with Lua scripting.(CVE-2026-23631)A vulnerability in the Redis RESTORE command allows an authenticated user to trigger an invalid memory access via a specially crafted serialized payload, potentially resulting in remote code execution. Successful exploitation could allow an attacker with authenticated access to execute arbitrary code in the context of the Redis server, potentially leading to full compromise of the affected system, data exfiltration, or service disruption. This problem affects all Redis versions.(CVE-2026-25243)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP4
redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.14-1.oe2003sp4
Ecosystem specific
{
"src": [
"redis-7.2.14-1.oe2003sp4.src.rpm"
],
"aarch64": [
"redis-7.2.14-1.oe2003sp4.aarch64.rpm",
"redis-debuginfo-7.2.14-1.oe2003sp4.aarch64.rpm",
"redis-debugsource-7.2.14-1.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"redis-7.2.14-1.oe2003sp4.x86_64.rpm",
"redis-debuginfo-7.2.14-1.oe2003sp4.x86_64.rpm",
"redis-debugsource-7.2.14-1.oe2003sp4.x86_64.rpm"
]
}openEuler:22.03-LTS-SP4
redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.14-1.oe2203sp4
Ecosystem specific
{
"src": [
"redis-7.2.14-1.oe2203sp4.src.rpm"
],
"aarch64": [
"redis-7.2.14-1.oe2203sp4.aarch64.rpm",
"redis-debuginfo-7.2.14-1.oe2203sp4.aarch64.rpm",
"redis-debugsource-7.2.14-1.oe2203sp4.aarch64.rpm"
],
"x86_64": [
"redis-7.2.14-1.oe2203sp4.x86_64.rpm",
"redis-debuginfo-7.2.14-1.oe2203sp4.x86_64.rpm",
"redis-debugsource-7.2.14-1.oe2203sp4.x86_64.rpm"
]
}openEuler:24.03-LTS
redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.14-1.oe2403sp3
Ecosystem specific
{
"src": [
"redis-7.2.14-1.oe2403.src.rpm",
"redis-7.2.14-1.oe2403sp1.src.rpm",
"redis-7.2.14-1.oe2403sp3.src.rpm"
],
"aarch64": [
"redis-7.2.14-1.oe2403.aarch64.rpm",
"redis-debuginfo-7.2.14-1.oe2403.aarch64.rpm",
"redis-debugsource-7.2.14-1.oe2403.aarch64.rpm",
"redis-7.2.14-1.oe2403sp1.aarch64.rpm",
"redis-debuginfo-7.2.14-1.oe2403sp1.aarch64.rpm",
"redis-debugsource-7.2.14-1.oe2403sp1.aarch64.rpm",
"redis-7.2.14-1.oe2403sp3.aarch64.rpm",
"redis-debuginfo-7.2.14-1.oe2403sp3.aarch64.rpm",
"redis-debugsource-7.2.14-1.oe2403sp3.aarch64.rpm"
],
"x86_64": [
"redis-7.2.14-1.oe2403.x86_64.rpm",
"redis-debuginfo-7.2.14-1.oe2403.x86_64.rpm",
"redis-debugsource-7.2.14-1.oe2403.x86_64.rpm",
"redis-7.2.14-1.oe2403sp1.x86_64.rpm",
"redis-debuginfo-7.2.14-1.oe2403sp1.x86_64.rpm",
"redis-debugsource-7.2.14-1.oe2403sp1.x86_64.rpm",
"redis-7.2.14-1.oe2403sp3.x86_64.rpm",
"redis-debuginfo-7.2.14-1.oe2403sp3.x86_64.rpm",
"redis-debugsource-7.2.14-1.oe2403sp3.x86_64.rpm"
]
}openEuler:24.03-LTS-SP1
redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.14-1.oe2403sp1
Ecosystem specific
{
"src": [
"redis-7.2.14-1.oe2403sp1.src.rpm"
],
"aarch64": [
"redis-7.2.14-1.oe2403sp1.aarch64.rpm",
"redis-debuginfo-7.2.14-1.oe2403sp1.aarch64.rpm",
"redis-debugsource-7.2.14-1.oe2403sp1.aarch64.rpm"
],
"x86_64": [
"redis-7.2.14-1.oe2403sp1.x86_64.rpm",
"redis-debuginfo-7.2.14-1.oe2403sp1.x86_64.rpm",
"redis-debugsource-7.2.14-1.oe2403sp1.x86_64.rpm"
]
}openEuler:24.03-LTS-SP3
redis
Package
- Name
- redis
- Purl
- pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.14-1.oe2403sp3
Ecosystem specific
{
"src": [
"redis-7.2.14-1.oe2403sp3.src.rpm"
],
"aarch64": [
"redis-7.2.14-1.oe2403sp3.aarch64.rpm",
"redis-debuginfo-7.2.14-1.oe2403sp3.aarch64.rpm",
"redis-debugsource-7.2.14-1.oe2403sp3.aarch64.rpm"
],
"x86_64": [
"redis-7.2.14-1.oe2403sp3.x86_64.rpm",
"redis-debuginfo-7.2.14-1.oe2403sp3.x86_64.rpm",
"redis-debugsource-7.2.14-1.oe2403sp3.x86_64.rpm"
]
}