Description
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
References (13)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/104552
Third Party Advisory (x_refsource_misc): https://github.com/antirez/redis/issues/5017
Patch, Third Party Advisory (x_refsource_misc): https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
Third Party Advisory (vendor-advisory, x_refsource_debian): https://www.debian.org/security/2018/dsa-4230
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:0052
Exploit, Third Party Advisory (x_refsource_misc): http://antirez.com/news/119
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:0094
Third Party Advisory (x_refsource_misc): https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
Patch, Third Party Advisory (x_refsource_misc): https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936
Third Party Advisory (x_refsource_misc): https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Patch, Third Party Advisory (x_refsource_misc): https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:1860
Third Party Advisory (vendor-advisory, x_refsource_gentoo): https://security.gentoo.org/glsa/201908-04
Scores
CVSS v3: 9.8
EPSS: 0.0279
EPSS Percentile: 86.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-190
Status: published
Products (7)
debian/debian_linux: 9.0
oracle/communications_operations_monitor: 3.4
oracle/communications_operations_monitor: 4.0
redhat/openstack: 10
redhat/openstack: 13
redislabs/redis: 5.0 rc1
redislabs/redis: < 3.2.12
Published: Jun 17, 2018
Tracked Since: Feb 18, 2026