CVE-2018-11218

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-11218
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11218.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-11218
Downstream
Related
Published
2018-06-17T17:29:00.277Z
Modified
2026-03-15T22:17:42.576235Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
52a00201fca331217c3b4b8b634f6a0f57d6b7d3
Fixed
5ccb6f7a791bf3490357b00a898885759d98bab0
Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
590f537420e81832c3893418e608cd6ab3cc7c5f
Introduced
05b81d2b02578d432329c87c93f975e582d14c0e
Fixed
556b2d2bee22d1307e696090c9be10fc10a47cd3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2ee4a1c9806aab459d05e60751e07d86a4bebd78
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
05b81d2b02578d432329c87c93f975e582d14c0e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.12"
        },
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.0.10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0"
        }
    ]
}

Affected versions

4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9

Database specific

vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "337766185303747225584829759257532524896",
                "269585019922283674827343408182435343615",
                "276347650036692000891895548078094052707",
                "88582443100287800726424792687028816609",
                "215777682687045503648306437104834133475",
                "315333490960664396032101522782947153987",
                "10910213948860138306909571335153854827",
                "28783296134346588523338121042580242026",
                "279852048722243758705988283443776485073",
                "212853258189081442450138799002831747316",
                "323913027355331421238764094451433662322",
                "154914356849450609493502313672812439413",
                "74789942888360740357788701470883649993",
                "240347877613534950699364977574334514996",
                "269122171257432780629855963042852510175",
                "125419494530020957839546715759395098309",
                "22534044122641578125746183834446652944",
                "126408283396505436829412180114435961825"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2018-11218-2b05667f",
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"
    },
    {
        "digest": {
            "length": 582.0,
            "function_hash": "190332315271629174314866782873653742877"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-11218-2f74bf2c",
        "target": {
            "function": "mp_pack",
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"
    },
    {
        "digest": {
            "length": 380.0,
            "function_hash": "8580406164265631604237048477084312894"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-11218-3d8a2ad2",
        "target": {
            "function": "mp_encode_lua_table_as_map",
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"
    },
    {
        "digest": {
            "length": 372.0,
            "function_hash": "68377607274585305145251627420235568498"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-11218-445ec40c",
        "target": {
            "function": "mp_encode_lua_table_as_array",
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "16911033430593959714276436254180720746",
                "118647126258626533724160258916734123784",
                "266997613451356111695635551196073534977"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2018-11218-700a840d",
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "source": "https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3"
    },
    {
        "digest": {
            "length": 980.0,
            "function_hash": "90928435928387655241801909522494201752"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-11218-cbc76614",
        "target": {
            "function": "mp_unpack_full",
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"
    },
    {
        "digest": {
            "length": 471.0,
            "function_hash": "311114601621233800883377513176254974414"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-11218-d30d5814",
        "target": {
            "function": "mp_pack",
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "source": "https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3"
    },
    {
        "digest": {
            "length": 274.0,
            "function_hash": "14712776452728800459135148564539305452"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2018-11218-ef10caed",
        "target": {
            "function": "mp_decode_to_lua_array",
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11218.json"