VDB
CVE-2018-11218
CVE-2018-11218
PUBLISHED
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
EPSS 83.00% · 99.3th percentile
Risk Scores
EPSS Score
83.00%
99.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | redis | 2:3.0.5-4, 2:3.0.5-3, 2:3.0.3-3 |
| Ubuntu:14.04:LTS | redis | 0, 2:2.6.13-1, 2:2.6.16-3 |
| Ubuntu:18.04:LTS | redis | *, 5:4.0.8-1, 5:4.0.8-2 |
Exploit Intelligence
- https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3 (nist-nvd)
- http://antirez.com/news/119 (vulncheck-nvd)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
Timeline
- Jun 17, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Mar 7, 2023 EPSS Score
- May 27, 2024 EPSS Score
- Aug 5, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 25, 2025 EPSS Score
- Apr 28, 2025 EPSS Score
- Jun 6, 2025 EPSS Score
- Jun 14, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-11218 third-party-advisory
- https://github.com/antirez/redis/issues/5017 third-party-advisory
- http://antirez.com/news/119 third-party-advisory
- https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3 third-party-advisory
- https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0 third-party-advisory
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES third-party-advisory
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES third-party-advisory
- https://www.debian.org/security/2018/dsa-4230 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-11218 third-party-advisory