CVE-2018-11218

Published: 17/06/2018 Updated: 04/08/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Memory Corruption exists in the cmsgpack library in the Lua subsystem in Redis prior to 3.2.12, 4.x prior to 4.0.10, and 5.x prior to 5.0 RC2 because of stack-based buffer overflows.

Vulnerable Product

redislabs redis

redislabs redis 5.0

debian debian linux 9.0

oracle communications operations monitor 3.4

oracle communications operations monitor 4.0

redhat openstack 13

redhat openstack 10

Vendor Advisories

Debian Bug report logs - #902410 redis: CVE-2018-12326 Package: redis; Maintainer for redis is Chris Lamb <lamby@debian.org>; Source for redis is src:redis (PTS, buildd, popcon) Reported by: Chris Lamb <lamby@debian.org> Date: Tue, 26 Jun 2018 08:39:01 UTC Severity: grave Tags: security Found in versions 2:2.8.17-1 ...
Debian Bug report logs - #901495 redis: multiple security issues in Lua scripting (CVE-2018-11218 CVE-2018-11219) Package: redis; Maintainer for redis is Chris Lamb <lamby@debian.org>; Source for redis is src:redis (PTS, buildd, popcon) Reported by: Chris Lamb <lamby@debian.org> Date: Thu, 14 Jun 2018 06:33:01 UTC S ...
Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service. For the stable distribution (stretch), these problems have been fixed in version 3:3.2.6-3+deb9u1. We recommend that you upgrade your redis packages. For the detailed security status of redis please refer ...
Synopsis: Moderate: redis security update. Type/Severity: Security Advisory: Moderate. Topic: An update for redis is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Moderate: redis security update. Type/Severity: Security Advisory: Moderate. Topic: An update for redis is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: rh-redis32-redis security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-redis32-redis is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows ...

Github Repositories

afl-lua: Fork of Lua adding AFL (https://github.com/google/afl) instrumentation to allow Lua scripts (not the VM itself) to be fuzzed.

Building: On Linux (maybe other POSIX-y systems?), make