CVE-2018-11218

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-11218
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11218.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-11218
Downstream
Related
Published
2018-06-17T17:29:00.277Z
Modified
2025-12-08T18:59:27.453260Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
52a00201fca331217c3b4b8b634f6a0f57d6b7d3
Fixed
5ccb6f7a791bf3490357b00a898885759d98bab0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11218.json"

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "337766185303747225584829759257532524896",
                "269585019922283674827343408182435343615",
                "276347650036692000891895548078094052707",
                "88582443100287800726424792687028816609",
                "215777682687045503648306437104834133475",
                "315333490960664396032101522782947153987",
                "10910213948860138306909571335153854827",
                "28783296134346588523338121042580242026",
                "279852048722243758705988283443776485073",
                "212853258189081442450138799002831747316",
                "323913027355331421238764094451433662322",
                "154914356849450609493502313672812439413",
                "74789942888360740357788701470883649993",
                "240347877613534950699364977574334514996",
                "269122171257432780629855963042852510175",
                "125419494530020957839546715759395098309",
                "22534044122641578125746183834446652944",
                "126408283396505436829412180114435961825"
            ]
        },
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2018-11218-2b05667f"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0",
        "digest": {
            "function_hash": "190332315271629174314866782873653742877",
            "length": 582.0
        },
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c",
            "function": "mp_pack"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2018-11218-2f74bf2c"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0",
        "digest": {
            "function_hash": "8580406164265631604237048477084312894",
            "length": 380.0
        },
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c",
            "function": "mp_encode_lua_table_as_map"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2018-11218-3d8a2ad2"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0",
        "digest": {
            "function_hash": "68377607274585305145251627420235568498",
            "length": 372.0
        },
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c",
            "function": "mp_encode_lua_table_as_array"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2018-11218-445ec40c"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "16911033430593959714276436254180720746",
                "118647126258626533724160258916734123784",
                "266997613451356111695635551196073534977"
            ]
        },
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2018-11218-700a840d"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0",
        "digest": {
            "function_hash": "90928435928387655241801909522494201752",
            "length": 980.0
        },
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c",
            "function": "mp_unpack_full"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2018-11218-cbc76614"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3",
        "digest": {
            "function_hash": "311114601621233800883377513176254974414",
            "length": 471.0
        },
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c",
            "function": "mp_pack"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2018-11218-d30d5814"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0",
        "digest": {
            "function_hash": "14712776452728800459135148564539305452",
            "length": 274.0
        },
        "target": {
            "file": "deps/lua/src/lua_cmsgpack.c",
            "function": "mp_decode_to_lua_array"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2018-11218-ef10caed"
    }
]

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
590f537420e81832c3893418e608cd6ab3cc7c5f

Affected versions

1.*

1.3.6

2.*

2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0

3.*

3.0-alpha0
3.2-rc1
3.2.0
3.2.0-rc2
3.2.0-rc3
3.2.1
3.2.10
3.2.11
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9

v1.*

v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9

v2.*

v2.0.0-rc1
v2.1.1-watch

Other

vm-playpen
with-deprecated-diskstore

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11218.json"