[Security] CVE-2025-49844: Use-After-Free in Lua parser (luaY_parser)

## Vulnerability

KeyDB inherits **CVE-2025-49844** from Redis — Use-After-Free in Lua parser (luaY_parser).

- **CVE**: [CVE-2025-49844](https://nvd.nist.gov/vuln/detail/CVE-2025-49844)
- **Severity**: CRITICAL

## Verification

The upstream fix for this CVE has not been cherry-picked into KeyDB. Verified by checking KeyDB latest master (git sha `603ebb27`) — fix commit absent, vulnerable code path present.

## Suggested Fix

[redis/redis@d5728cb](https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] CVE-2025-49844: Use-After-Free in Lua parser (luaY_parser) #962

Vulnerability

Verification

Suggested Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security] CVE-2025-49844: Use-After-Free in Lua parser (luaY_parser) #962

Description

Vulnerability

Verification

Suggested Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions