VDB
CVE-2018-12326
CVE-2018-12326
PUBLISHED
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
EPSS 41.83% · 97.5th percentile
Risk Scores
EPSS Score
41.83%
97.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | redis | 0, 2:2.6.13-1, 2:2.6.16-3 |
| Ubuntu:18.04:LTS | redis | 0, 4:4.0.1-7, 4:4.0.2-6 |
| Ubuntu:16.04:LTS | redis | 0, 2:3.0.3-3, 2:3.0.5-1 |
Exploit Intelligence
- spasm5/CVE-2018-12326 (github-poc-repo)
- spasm5/CVE-2018-12326 (github-poc-repo)
- spasm5/CVE-2018-12326 (github-poc-repo)
- spasm5/CVE-2018-12326 (github-poc-repo)
- spasm5/CVE-2018-12326 (github-poc-repo)
- spasm5/CVE-2018-12326 (github-poc)
- spasm5/CVE-2018-12326 (github-poc)
- spasm5/CVE-2018-12326 (github-poc)
- spasm5/CVE-2018-12326 (github-poc)
- https://www.exploit-db.com/exploits/44904/ (nist-nvd)
…and 2 more exploits
Timeline
- Jun 17, 2018 CVE Published
- Jun 19, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Jun 3, 2022 EPSS Score
- Aug 24, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 5, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-12326 third-party-advisory
- https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0 third-party-advisory
- https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50 third-party-advisory
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES third-party-advisory
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-12326 third-party-advisory