CVE-2018-12326

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-12326
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12326.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-12326
Downstream
Published
2018-06-17T14:29:00Z
Modified
2025-10-31T18:46:18.455806Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2018-12326-0f5a0e11",
        "signature_type": "Function",
        "digest": {
            "length": 537.0,
            "function_hash": "146144452659066842643855273798132026598"
        },
        "target": {
            "file": "src/redis-cli.c",
            "function": "cliRefreshPrompt"
        },
        "source": "https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2018-12326-9732fa61",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "target": {
            "file": "src/redis-cli.c"
        },
        "source": "https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50",
        "deprecated": false
    }
]

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.3.6

2.*

2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0

3.*

3.0-alpha0

4.*

4.0-rc1
4.0-rc2
4.0-rc3
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9

v1.*

v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9

v2.*

v2.0.0-rc1
v2.1.1-watch

Other

vm-playpen
with-deprecated-diskstore