CVE-2018-11219

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-11219
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11219.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-11219
Downstream
Related
Published
2018-06-17T17:29:00Z
Modified
2025-10-31T04:02:13.585405Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

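An integer overflow was discovered in the struct library of the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. The overflow leads to a failure of bounds checking: once a size or offset computation wraps around, the check that follows it no longer constrains the access it was meant to guard. By these version bounds, the fixed releases are 3.2.12, 4.0.10 and 5.0 RC2. The "Affected versions" tag list further down this record contains no 4.x or 5.x entries, so when triaging a deployment, compare its version against the bounds stated here rather than against the tag list alone.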

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "id": "CVE-2018-11219-2fb3402e",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "b_unpack",
            "file": "deps/lua/src/lua_struct.c"
        },
        "digest": {
            "length": 1801.0,
            "function_hash": "156998582815863949110707897650570902038"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "id": "CVE-2018-11219-577231ed",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "getnum",
            "file": "deps/lua/src/lua_struct.c"
        },
        "digest": {
            "length": 380.0,
            "function_hash": "212353940668053933632077966106377345980"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "id": "CVE-2018-11219-b43d06ac",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "controloptions",
            "file": "deps/lua/src/lua_struct.c"
        },
        "digest": {
            "length": 543.0,
            "function_hash": "209148936099144138409285023791391343778"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "id": "CVE-2018-11219-eec1e6df",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "optsize",
            "file": "deps/lua/src/lua_struct.c"
        },
        "digest": {
            "length": 663.0,
            "function_hash": "145616438999787387902890994110005036109"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "id": "CVE-2018-11219-f066305b",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "deps/lua/src/lua_struct.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "298580714090721287723395818138119191421",
                "252260118326799049191156181394685749318",
                "140212443415647500912109205308826769500",
                "47010833300303086681847101454590249461",
                "2250722161879345816330442566485950611",
                "291778318289862582589671380180879160640",
                "334836077840905045155583947536240977132",
                "75257252756429438366239461806916592544",
                "328810329053557788914453396839483306372",
                "128854904967302558653028066436045146216",
                "18412046823770042382161477427479286047",
                "61915029324611414734672095656655490873",
                "194538167452478719857363951948039156123",
                "219285841976367303374237696455245299327",
                "130487431531773260282343331813662805546",
                "62896359733481919104079431318740588747",
                "79844671906440840823825256474367351454",
                "82136349130077275828760951476966216953",
                "322234568658267143906843575519826420808",
                "139114028757505796482812688056023538966",
                "289225860499092828678937269241542432163",
                "77797580407604165072230177310498680959",
                "168373412945031965907402107476021133992",
                "108037414154487157696867202164748404445",
                "208356851892411336592574217935585386516",
                "47106722993918210117544422346340290358",
                "21791877383518593155678106108791587978",
                "20850546642795143188783712065105233341",
                "163727175024992955792878788276909825715",
                "108973603913098139983073012818738577869",
                "15499872908595194586740821170849301573",
                "169145434793424387054515110403785948365",
                "59519322099621665956313398082796312715",
                "301212329898690295042520218826794492500",
                "140941388783461090503284320953709146797",
                "141227304176044902484071393133233614897",
                "144306291186590211077217811039990636776",
                "106027017699778854473997237118722823636",
                "267131521315032103563808361970758675778",
                "1714716726188693615910796499974461902",
                "169121770171529514691400166416816981226",
                "123352208524936969230347592533202474306",
                "285056854302858864433770168163440928731",
                "223785330780789148016638103554505257989",
                "290566257827539859525725047573530567630",
                "25356015284263783552842320814865837727",
                "238724153312891801286838161365304137833",
                "246387191399888482141130178491137180089",
                "60701822861080839838778561027141136119",
                "280559594410255015805833660383253397132",
                "131908187563153626998711924334711208345",
                "236402879666547886027996341604403112145",
                "318998145842192375326652381232556953270",
                "28593654267163811115470499126755452487",
                "249633165904829054090068913476207506134",
                "272457109871804795909408145004251813287",
                "161816937436399734229004187364207164125",
                "336370852992307680526196505451131149509",
                "259581184911959757255766743345245264089",
                "149796673275637912553687467612606701156",
                "45832761761244833252541380849002175680",
                "33937314411747762345124812805300971355",
                "237318707970637163863278359279516144105",
                "13584478558334836220353399003482400890",
                "182221358021094585680422976102204927077",
                "237023239954917320437254265112690021081",
                "165506645965077670135472079513144121245",
                "171952448348829799112676502898043350451",
                "83898518539303761145707659292340160913",
                "165870156833943621846292022824591794500",
                "281885183428382963268704658206933507576",
                "85896486230917866628400087274038490965",
                "48369128971045397324653364454054827249",
                "220000325575662767371133681217059151959",
                "325466934575822102384521846024203885276"
            ]
        },
        "signature_type": "Line"
    }
]

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.3.6

2.*

2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0

3.*

3.0-alpha0
3.2-rc1
3.2.0
3.2.0-rc2
3.2.0-rc3
3.2.1
3.2.10
3.2.11
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9

v1.*

v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9

v2.*

v2.0.0-rc1
v2.1.1-watch

Other

vm-playpen
with-deprecated-diskstore