Vulnerability Details : CVE-2018-11219
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
Vulnerability category: Overflow
Products affected by CVE-2018-11219
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*
- cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*
- cpe:2.3:a:redislabs:redis:5.0:rc1:*:*:*:*:*:*
Threat overview for CVE-2018-11219
Top open port discovered on systems with this issue: 6379
IPs affected by CVE-2018-11219: 13,909
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2018-11219
EPSS score: 1.46% (probability of exploitation activity in the next 30 days)
Percentile: ~86% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-11219
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2018-11219
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-11219
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
  (Third Party Advisory)
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
  (Third Party Advisory)
- https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
  Security: update Lua struct package for security. · antirez/redis@1eb08bc · GitHub (Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:1860
  RHSA-2019:1860 - Security Advisory - Red Hat Customer Portal
- https://security.gentoo.org/glsa/201908-04
  Redis: Multiple vulnerabilities (GLSA 201908-04) — Gentoo security
- http://antirez.com/news/119
  Redis Lua scripting: several security vulnerabilities fixed - <antirez> (Exploit; Third Party Advisory)
- http://www.securityfocus.com/bid/104552
  Redis CVE-2018-11219 Integer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936
  Security: fix Lua struct package offset handling. · antirez/redis@e89086e · GitHub (Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:0094
  RHSA-2019:0094 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.debian.org/security/2018/dsa-4230
  Debian -- Security Information -- DSA-4230-1 redis (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:0052
  RHSA-2019:0052 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  Oracle Critical Patch Update - April 2019 (Patch; Third Party Advisory)
- https://github.com/antirez/redis/issues/5017
  Redis Lua scripting: multiple security issues · Issue #5017 · antirez/redis · GitHub (Third Party Advisory)