CVE-2018-11219

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-11219
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11219.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-11219
Downstream
Related
Published
2018-06-17T17:29:00.337Z
Modified
2025-11-14T05:25:36.242057Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1eb08bcd4634ae42ec45e8284923ac048beaa4c3
Fixed
e89086e09a38cc6713bcd4b9c29abf92cf393936

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "156998582815863949110707897650570902038",
            "length": 1801.0
        },
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2018-11219-2fb3402e",
        "target": {
            "function": "b_unpack",
            "file": "deps/lua/src/lua_struct.c"
        }
    },
    {
        "digest": {
            "function_hash": "212353940668053933632077966106377345980",
            "length": 380.0
        },
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2018-11219-577231ed",
        "target": {
            "function": "getnum",
            "file": "deps/lua/src/lua_struct.c"
        }
    },
    {
        "digest": {
            "function_hash": "209148936099144138409285023791391343778",
            "length": 543.0
        },
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2018-11219-b43d06ac",
        "target": {
            "function": "controloptions",
            "file": "deps/lua/src/lua_struct.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "168373412945031965907402107476021133992",
                "272892044190705700062078611022644439720",
                "228525912110099120508736223999310695761",
                "321520925076184132553555696685380867844",
                "226344970104587219991467285567669909782",
                "35370939124402886622055283277166362346",
                "163727175024992955792878788276909825715",
                "108973603913098139983073012818738577869",
                "125225676376570264547547046434583771890",
                "254314493613157949922272427441939407280",
                "156735679060301618822301251734847552268"
            ]
        },
        "source": "https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2018-11219-bf7a3089",
        "target": {
            "file": "deps/lua/src/lua_struct.c"
        }
    },
    {
        "digest": {
            "function_hash": "145616438999787387902890994110005036109",
            "length": 663.0
        },
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2018-11219-eec1e6df",
        "target": {
            "function": "optsize",
            "file": "deps/lua/src/lua_struct.c"
        }
    },
    {
        "digest": {
            "function_hash": "54993881097897325813917195284184958249",
            "length": 1857.0
        },
        "source": "https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2018-11219-efe5af0a",
        "target": {
            "function": "b_unpack",
            "file": "deps/lua/src/lua_struct.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "298580714090721287723395818138119191421",
                "252260118326799049191156181394685749318",
                "140212443415647500912109205308826769500",
                "47010833300303086681847101454590249461",
                "2250722161879345816330442566485950611",
                "291778318289862582589671380180879160640",
                "334836077840905045155583947536240977132",
                "75257252756429438366239461806916592544",
                "328810329053557788914453396839483306372",
                "128854904967302558653028066436045146216",
                "18412046823770042382161477427479286047",
                "61915029324611414734672095656655490873",
                "194538167452478719857363951948039156123",
                "219285841976367303374237696455245299327",
                "130487431531773260282343331813662805546",
                "62896359733481919104079431318740588747",
                "79844671906440840823825256474367351454",
                "82136349130077275828760951476966216953",
                "322234568658267143906843575519826420808",
                "139114028757505796482812688056023538966",
                "289225860499092828678937269241542432163",
                "77797580407604165072230177310498680959",
                "168373412945031965907402107476021133992",
                "108037414154487157696867202164748404445",
                "208356851892411336592574217935585386516",
                "47106722993918210117544422346340290358",
                "21791877383518593155678106108791587978",
                "20850546642795143188783712065105233341",
                "163727175024992955792878788276909825715",
                "108973603913098139983073012818738577869",
                "15499872908595194586740821170849301573",
                "169145434793424387054515110403785948365",
                "59519322099621665956313398082796312715",
                "301212329898690295042520218826794492500",
                "140941388783461090503284320953709146797",
                "141227304176044902484071393133233614897",
                "144306291186590211077217811039990636776",
                "106027017699778854473997237118722823636",
                "267131521315032103563808361970758675778",
                "1714716726188693615910796499974461902",
                "169121770171529514691400166416816981226",
                "123352208524936969230347592533202474306",
                "285056854302858864433770168163440928731",
                "223785330780789148016638103554505257989",
                "290566257827539859525725047573530567630",
                "25356015284263783552842320814865837727",
                "238724153312891801286838161365304137833",
                "246387191399888482141130178491137180089",
                "60701822861080839838778561027141136119",
                "280559594410255015805833660383253397132",
                "131908187563153626998711924334711208345",
                "236402879666547886027996341604403112145",
                "318998145842192375326652381232556953270",
                "28593654267163811115470499126755452487",
                "249633165904829054090068913476207506134",
                "272457109871804795909408145004251813287",
                "161816937436399734229004187364207164125",
                "336370852992307680526196505451131149509",
                "259581184911959757255766743345245264089",
                "149796673275637912553687467612606701156",
                "45832761761244833252541380849002175680",
                "33937314411747762345124812805300971355",
                "237318707970637163863278359279516144105",
                "13584478558334836220353399003482400890",
                "182221358021094585680422976102204927077",
                "237023239954917320437254265112690021081",
                "165506645965077670135472079513144121245",
                "171952448348829799112676502898043350451",
                "83898518539303761145707659292340160913",
                "165870156833943621846292022824591794500",
                "281885183428382963268704658206933507576",
                "85896486230917866628400087274038490965",
                "48369128971045397324653364454054827249",
                "220000325575662767371133681217059151959",
                "325466934575822102384521846024203885276"
            ]
        },
        "source": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2018-11219-f066305b",
        "target": {
            "file": "deps/lua/src/lua_struct.c"
        }
    }
]

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
590f537420e81832c3893418e608cd6ab3cc7c5f

Affected versions

1.*

1.3.6

2.*

2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0

3.*

3.0-alpha0
3.2-rc1
3.2.0
3.2.0-rc2
3.2.0-rc3
3.2.1
3.2.10
3.2.11
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9

v1.*

v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9

v2.*

v2.0.0-rc1
v2.1.1-watch

Other

vm-playpen
with-deprecated-diskstore