CVE-2018-12326

HIGH

Redis <4.0.10 & 5.x <5.0 RC3 - Buffer Overflow


Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-12326. PoCs published by Fakhri Zulkifli, spasm5.

AI-analyzed exploit summary: This exploit demonstrates a buffer overflow in redis-cli versions 3.2, 4.0, and 5.0 by passing an excessively long hostname parameter, leading to a crash and potential code execution. The PoC uses a Python one-liner to generate a long string of 'A' characters to trigger the overflow.

Description

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.

Exploits (2)

exploitdb WORKING POC
by Fakhri Zulkifli · python · local · linux
https://www.exploit-db.com/exploits/44904

This exploit demonstrates a buffer overflow in redis-cli versions 3.2, 4.0, and 5.0 by passing an excessively long hostname parameter, leading to a crash and potential code execution. The PoC uses a Python one-liner to generate a long string of 'A' characters to trigger the overflow.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Redis redis-cli < 5.0 (3.2, 4.0, 5.0)
No auth needed
Prerequisites: Local access to execute redis-cli · Redis-cli binary vulnerable to the buffer overflow
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by spasm5 · poc
https://github.com/spasm5/CVE-2018-12326

This PoC demonstrates a buffer overflow vulnerability in redis-cli versions 3.2, 4.0, and 5.0, where a long string in the hostname parameter can lead to code execution and privilege escalation. The exploit triggers a crash via a crafted command-line argument, as shown in the provided stack trace.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Redis redis-cli < 5.0
No auth needed
Prerequisites: Local access to execute redis-cli
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44904/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:0052
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:0094
Patch, Third Party Advisory x_refsource_misc
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
Patch, Third Party Advisory x_refsource_misc
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1860

Scores

CVSS v3 8.4
EPSS 0.0268
EPSS Percentile 83.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-119
Status published
Products (2)
redislabs/redis 5.0 rc1 (2 CPE variants)
redislabs/redis < 4.0.10
Published Jun 17, 2018
Tracked Since Feb 18, 2026