CVE-2018-11218

CRITICAL

Redis < 3.2.12 - Out-of-Bounds Write

Title source: rule

Description

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

Exploits (1)

metasploit WORKING POC GOOD
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/redis/redis_replication_cmd_exec.rb

References (13)

Scores

CVSS v3 9.8
EPSS 0.8030
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (7)
debian/debian_linux 9.0
oracle/communications_operations_monitor 3.4
oracle/communications_operations_monitor 4.0
redhat/openstack 10
redhat/openstack 13
redislabs/redis 5.0 rc1
redislabs/redis < 3.2.12
Published Jun 17, 2018
Tracked Since Feb 18, 2026