{"schema_version":"1.7.2","id":"OESA-2026-2237","modified":"2026-05-09T12:32:46Z","published":"2026-05-09T12:32:46Z","upstream":["CVE-2026-23479","CVE-2026-23631","CVE-2026-25243"],"summary":"redis security update","details":"Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.\n\nSecurity Fix(es):\n\nWhen a blocked client is evicted while re-executing a blocked command, an authenticated user may trigger a use-after-free, potentially leading to remote code execution.\n\nThe problem exists in Redis `7.2` or newer.(CVE-2026-23479)\n\nAn authenticated user may exploit the synchronization mechanism of the master-replica and trigger a use-after-free vulnerability, potentially leading to remote code execution. The bug affects only replicas that are configured, or may be configured with `replica-read-only` disabled, and exists in all versions of Redis with Lua scripting.(CVE-2026-23631)\n\nA vulnerability in the Redis RESTORE command allows an authenticated user to trigger an invalid memory access via a specially crafted serialized payload, potentially resulting in remote code execution. Successful exploitation could allow an attacker with authenticated access to execute arbitrary code in the context of the Redis server, potentially leading to full compromise of the affected system, data exfiltration, or service disruption. This problem affects all Redis versions.(CVE-2026-25243)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"redis","purl":"pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.14-1.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["redis-7.2.14-1.oe2403.aarch64.rpm","redis-debuginfo-7.2.14-1.oe2403.aarch64.rpm","redis-debugsource-7.2.14-1.oe2403.aarch64.rpm","redis-7.2.14-1.oe2403sp1.aarch64.rpm","redis-debuginfo-7.2.14-1.oe2403sp1.aarch64.rpm","redis-debugsource-7.2.14-1.oe2403sp1.aarch64.rpm","redis-7.2.14-1.oe2403sp3.aarch64.rpm","redis-debuginfo-7.2.14-1.oe2403sp3.aarch64.rpm","redis-debugsource-7.2.14-1.oe2403sp3.aarch64.rpm"],"src":["redis-7.2.14-1.oe2403.src.rpm","redis-7.2.14-1.oe2403sp1.src.rpm","redis-7.2.14-1.oe2403sp3.src.rpm"],"x86_64":["redis-7.2.14-1.oe2403.x86_64.rpm","redis-debuginfo-7.2.14-1.oe2403.x86_64.rpm","redis-debugsource-7.2.14-1.oe2403.x86_64.rpm","redis-7.2.14-1.oe2403sp1.x86_64.rpm","redis-debuginfo-7.2.14-1.oe2403sp1.x86_64.rpm","redis-debugsource-7.2.14-1.oe2403sp1.x86_64.rpm","redis-7.2.14-1.oe2403sp3.x86_64.rpm","redis-debuginfo-7.2.14-1.oe2403sp3.x86_64.rpm","redis-debugsource-7.2.14-1.oe2403sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"redis","purl":"pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.14-1.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["redis-7.2.14-1.oe2403sp1.aarch64.rpm","redis-debuginfo-7.2.14-1.oe2403sp1.aarch64.rpm","redis-debugsource-7.2.14-1.oe2403sp1.aarch64.rpm"],"src":["redis-7.2.14-1.oe2403sp1.src.rpm"],"x86_64":["redis-7.2.14-1.oe2403sp1.x86_64.rpm","redis-debuginfo-7.2.14-1.oe2403sp1.x86_64.rpm","redis-debugsource-7.2.14-1.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"redis","purl":"pkg:rpm/openEuler/redis&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.14-1.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["redis-7.2.14-1.oe2403sp3.aarch64.rpm","redis-debuginfo-7.2.14-1.oe2403sp3.aarch64.rpm","redis-debugsource-7.2.14-1.oe2403sp3.aarch64.rpm"],"src":["redis-7.2.14-1.oe2403sp3.src.rpm"],"x86_64":["redis-7.2.14-1.oe2403sp3.x86_64.rpm","redis-debuginfo-7.2.14-1.oe2403sp3.x86_64.rpm","redis-debugsource-7.2.14-1.oe2403sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"redis","purl":"pkg:rpm/openEuler/redis&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.14-1.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["redis-7.2.14-1.oe2003sp4.aarch64.rpm","redis-debuginfo-7.2.14-1.oe2003sp4.aarch64.rpm","redis-debugsource-7.2.14-1.oe2003sp4.aarch64.rpm"],"src":["redis-7.2.14-1.oe2003sp4.src.rpm"],"x86_64":["redis-7.2.14-1.oe2003sp4.x86_64.rpm","redis-debuginfo-7.2.14-1.oe2003sp4.x86_64.rpm","redis-debugsource-7.2.14-1.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"redis","purl":"pkg:rpm/openEuler/redis&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.14-1.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["redis-7.2.14-1.oe2203sp4.aarch64.rpm","redis-debuginfo-7.2.14-1.oe2203sp4.aarch64.rpm","redis-debugsource-7.2.14-1.oe2203sp4.aarch64.rpm"],"src":["redis-7.2.14-1.oe2203sp4.src.rpm"],"x86_64":["redis-7.2.14-1.oe2203sp4.x86_64.rpm","redis-debuginfo-7.2.14-1.oe2203sp4.x86_64.rpm","redis-debugsource-7.2.14-1.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2237"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23479"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23631"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25243"}],"database_specific":{"severity":"High"}}
