CVE-2018-11218 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-11218 PUBLISHED

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

EPSS 80.30% · 99.1th percentile

Risk Scores

EPSS Score

80.30%

99.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	redis	2:3.0.3-3, 2:3.0.5-1, 2:3.0.5-2
Ubuntu:14.04:LTS	redis	0, 2:2.6.13-1, 2:2.6.16-3
Ubuntu:18.04:LTS	redis	0, 4:4.0.1-7, 4:4.0.2-6

Timeline

Jun 17, 2018 CVE Published
Apr 14, 2021 EPSS Score
Mar 7, 2023 EPSS Score
Nov 8, 2023 EPSS Score
Aug 5, 2024 CVE Updated
Mar 17, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 7, 2025 EPSS Score
Apr 28, 2025 EPSS Score
Jun 6, 2025 EPSS Score
Jun 14, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2018-11218 third-party-advisory
https://github.com/antirez/redis/issues/5017 third-party-advisory
http://antirez.com/news/119 third-party-advisory
https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3 third-party-advisory
https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0 third-party-advisory
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES third-party-advisory
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES third-party-advisory
https://www.debian.org/security/2018/dsa-4230 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-11218 third-party-advisory

Open in Interactive Console →