CVSSv3: 9.8

CVE-2018-11219

Published: 17/06/2018 Updated: 04/08/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An Integer Overflow issue exists in the struct library in the Lua subsystem in Redis prior to 3.2.12, 4.x prior to 4.0.10, and 5.x prior to 5.0 RC2, leading to a failure of bounds checking.

Vulnerable Product

redislabs redis

redislabs redis 5.0

debian debian linux 9.0

oracle communications operations monitor 4.0

oracle communications operations monitor 3.4

redhat openstack 10

redhat openstack 13

Vendor Advisories

Debian Bug report logs - #902410 redis: CVE-2018-12326. Package: redis; Maintainer for redis is Chris Lamb <lamby@debian.org>; Source for redis is src:redis. Reported by: Chris Lamb <lamby@debian.org>; Date: Tue, 26 Jun 2018 08:39:01 UTC; Severity: grave; Tags: security; Found in versions 2:2.8.17-1 ...
Debian Bug report logs - #901495 redis: multiple security issues in Lua scripting (CVE-2018-11218 CVE-2018-11219). Package: redis; Maintainer for redis is Chris Lamb <lamby@debian.org>; Source for redis is src:redis. Reported by: Chris Lamb <lamby@debian.org>; Date: Thu, 14 Jun 2018 06:33:01 UTC; S ...
Synopsis: Moderate: redis security update. Type/Severity: Security Advisory: Moderate. Topic: An update for redis is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Moderate: redis security update. Type/Severity: Security Advisory: Moderate. Topic: An update for redis is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: rh-redis32-redis security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-redis32-redis is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service. For the stable distribution (stretch), these problems have been fixed in version 3:3.2.6-3+deb9u1. We recommend that you upgrade your redis packages. For the detailed security status of redis please refer ...
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking ...