CVE-2018-11218

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

9.8CRITICAL

EPSS

80.3%

top 0.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redislabs Redis Debian Debian Linux Oracle Communications Operations Monitor +1 more

Timeline

PublishedJun 17

Latest updateMay 13

Description

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDredislabs/redis4.0 — 4.0.10+2

▶Debianredis< 5:4.0.10-1+3

▶NVDredhat/openstack10, 13+1

▶NVDoracle/communications_operations_monitor3.4, 4.0+1

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-84mm-87vg-44q4: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3↗2022-05-13

▶

CVEList

CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3↗2018-06-17

▶

OSV

CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3↗2018-06-17

▶

📋Vendor Advisories

Red Hat

redis: Heap corruption in lua_cmsgpack.c↗2018-06-13

▶

Debian

CVE-2018-11218: redis - Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in...↗2018

▶

💬Community

Bugzilla

CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c [epel-all]↗2018-06-15

▶

Bugzilla

CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c [fedora-all]↗2018-06-15

▶

Bugzilla

CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c↗2018-06-12

▶