Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-12453

CWE-704 CWE-8439 documents7 sources

Severity

7.5HIGH

EPSS

32.0%

top 3.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redislabs Redis

Timeline

PublishedJun 16

Latest updateMay 14

Description

Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDredislabs/redis< 5.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-wjvh-g4jc-jg48: Type confusion in the xgroupCommand function in t_stream↗2022-05-14

▶

CVEList

CVE-2018-12453: Type confusion in the xgroupCommand function in t_stream↗2018-06-16

▶

💥Exploits & PoCs

Exploit-DB

Redis 5.0 - Denial of Service↗2018-06-20

▶

📋Vendor Advisories

Red Hat

redis: type confusion in the xgroupCommand function in t_stream.c↗2018-06-10

▶

Debian

CVE-2018-12453: redis - Type confusion in the xgroupCommand function in t_stream.c in redis-server in Re...↗2018

▶

💬Community

Bugzilla

CVE-2018-12453 redis: type confusion in the xgroupCommand function in t_stream.c↗2018-06-19

▶

Bugzilla

CVE-2018-12453 redis: type confusion in the xgroupCommand function in t_stream.c [fedora-all]↗2018-06-19

▶

Bugzilla

CVE-2018-12453 redis: type confusion in the xgroupCommand function in t_stream.c [epel-all]↗2018-06-19

▶