CVE-2018-11218
published 2018-06-17CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | redis | < redis 5:4.0.10-1 (bookworm) | redis 5:4.0.10-1 (bookworm) |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redis | redis | >= 0 < 5:4.0.10-1 | 5:4.0.10-1 |
| redis | redis | >= 0 < 5:4.0.10-1 | 5:4.0.10-1 |
| redis | redis | >= 0 < 5:4.0.10-1 | 5:4.0.10-1 |
| redis | redis | >= 0 < 5:4.0.10-1 | 5:4.0.10-1 |
| redislabs | redis | < 3.2.12 | 3.2.12 |
| redislabs | redis | — | — |
| redislabs | redis | >= 4.0 < 4.0.10 | 4.0.10 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL