CVE-2018-12453

HIGH

Redis < 5.0 - Denial of Service via XGROUP Command Type Confusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12453. PoCs published by Fakhri Zulkifli.

AI-analyzed exploit summary This exploit demonstrates a type confusion vulnerability in Redis 5.0's xgroupCommand function, leading to a denial-of-service (DoS) via a segfault when an XGROUP command is executed on a non-stream key.

Description

Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.

Exploits (1)

exploitdb WORKING POC

by Fakhri Zulkifli · textdoslinux

https://www.exploit-db.com/exploits/44908

View Code ZIP pw:eip

This exploit demonstrates a type confusion vulnerability in Redis 5.0's xgroupCommand function, leading to a denial-of-service (DoS) via a segfault when an XGROUP command is executed on a non-stream key.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Redis 5.0

No auth needed

Prerequisites: Redis server running version 5.0 · Network access to the Redis server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44908/

Exploit, Third Party Advisory x_refsource_misc

https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5

Patch, Third Party Advisory x_refsource_misc

https://github.com/antirez/redis/commit/c04082cf138f1f51cedf05ee9ad36fb6763cafc6

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.2418

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-704

Status published

Products (1)

redislabs/redis < 5.0

Published Jun 16, 2018

Tracked Since Feb 18, 2026