CVE-2018-11219

CWE-190 — Integer Overflow9 documents7 sources

Severity

9.8CRITICAL

EPSS

2.6%

top 14.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redislabs Redis Debian Debian Linux Oracle Communications Operations Monitor +1 more

Timeline

PublishedJun 17

Latest updateMay 13

Description

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDredislabs/redis4.0 — 4.0.10+2

▶Debianredis< 5:4.0.10-1+3

▶NVDredhat/openstack10, 13+1

▶NVDoracle/communications_operations_monitor3.4, 4.0+1

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-pqpx-gpvg-4m34: An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3↗2022-05-13

▶

CVEList

CVE-2018-11219: An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3↗2018-06-17

▶

OSV

CVE-2018-11219: An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3↗2018-06-17

▶

📋Vendor Advisories

Red Hat

redis: Integer overflow in lua_struct.c:b_unpack()↗2018-06-13

▶

Debian

CVE-2018-11219: redis - An Integer Overflow issue was discovered in the struct library in the Lua subsys...↗2018

▶

💬Community

Bugzilla

CVE-2018-11219 redis: Integer overflow in lua_struct.c:b_unpack() [epel-all]↗2018-06-15

▶

Bugzilla

CVE-2018-11219 redis: Integer overflow in lua_struct.c:b_unpack() [fedora-all]↗2018-06-15

▶

Bugzilla

CVE-2018-11219 redis: Integer overflow in lua_struct.c:b_unpack()↗2018-06-12

▶