CVE-2018-12326
published 2018-06-17


Priority: P3 49, high, 8.4 (CVSS 3.0)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.68% (83.9th percentile)
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | redis | < redis 5:4.0.10-1 (bookworm) | redis 5:4.0.10-1 (bookworm) |
| redis | redis | >= 0 < 5:4.0.10-1 | 5:4.0.10-1 |
| redis | redis | >= 0 < 5:4.0.10-1 | 5:4.0.10-1 |
| redis | redis | >= 0 < 5:4.0.10-1 | 5:4.0.10-1 |
| redis | redis | >= 0 < 5:4.0.10-1 | 5:4.0.10-1 |
| redislabs | redis | < 4.0.10 | 4.0.10 |
| redislabs | redis | | |

Detection & IOCs (extracted from sources)

command: ./src/redis-cli -h `python -c 'print "A" * 300'`
path: /home/user/redis/src/redis-cli.c
  • Monitor process execution for redis-cli invocations where the -h argument is abnormally long (e.g., >255 characters), which is the attack vector for this CVE
  • Audit any service or application that calls redis-cli and passes an externally-controlled or unfiltered host parameter, as this is the exploitation path for privilege escalation
  • Exploitation requires local access; the attacker must already have the ability to invoke redis-cli or control its arguments. The security impact is limited unless redis-cli is called by a higher-privileged service with unsanitized input.
  • Red Hat OpenStack components do not call redis-cli in a way that exposes the host parameter to manipulation, limiting practical exploitability in that environment.

CVSS provenance

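| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.4 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 8.4 | HIGH | |
| vendor_debian | | 8.4 | HIGH | |
| vendor_redhat | | 8.4 | HIGH | |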