CVE-2018-11218

CRITICAL

Redis < 3.2.12, 4.x < 4.0.10, 5.x < 5.0 RC2 - Memory Corruption via Lua cmsgpack Library


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-11218. Includes Metasploit module exploits/linux/redis/redis_replication_cmd_exec.

AI-analyzed exploit summary: This Metasploit module exploits Redis replication functionality to achieve remote code execution by leveraging the module loading feature in Redis 4.x and 5.x. It sets up a rogue Redis server to deliver a malicious module payload to a vulnerable Redis instance.

Description

Memory corruption was discovered in the cmsgpack library in the Lua subsystem of Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, caused by stack-based buffer overflows.

Exploits (1)

Metasploit module (working PoC, quality: good) · tags: ruby, poc, linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/redis/redis_replication_cmd_exec.rb

Classification
Working PoC: 100%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Redis 4.x and 5.x
Authentication: none needed
Prerequisites: Network access to Redis server · Redis server with replication enabled · Redis version 4.x or 5.x
Analyzed by devstral-2 on Feb 16, 2026

References (13)

http://www.securityfocus.com/bid/104553 (Third Party Advisory, VDB Entry; source: bid)
https://github.com/antirez/redis/issues/5017 (Third Party Advisory; source: misc)
https://www.debian.org/security/2018/dsa-4230 (Third Party Advisory, vendor advisory; source: debian)
https://access.redhat.com/errata/RHSA-2019:0052 (Third Party Advisory, vendor advisory; source: redhat)
http://antirez.com/news/119 (Exploit, Third Party Advisory; source: misc)
https://access.redhat.com/errata/RHSA-2019:0094 (Third Party Advisory, vendor advisory; source: redhat)
https://access.redhat.com/errata/RHSA-2019:1860 (Vendor Advisory; source: redhat)
https://security.gentoo.org/glsa/201908-04 (Third Party Advisory, vendor advisory; source: gentoo)

Scores

CVSS v3: 9.8
EPSS: 0.5942
EPSS percentile: 99.0%
Attack vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-787
Status: published
Products (7)
debian/debian_linux 9.0
oracle/communications_operations_monitor 3.4
oracle/communications_operations_monitor 4.0
redhat/openstack 10
redhat/openstack 13
redislabs/redis 5.0 rc1
redislabs/redis < 3.2.12
Published: Jun 17, 2018
Tracked since: Feb 18, 2026