PT-2018-2777 · Redis+2 · Redis+2

Publicado

2018-06-13

·

Atualizado

2024-06-15

·

CVE-2018-11218

CVSS v3.1

10

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Redis versions prior to 3.2.12 Redis versions 4.x prior to 4.0.10 Redis versions 5.x prior to 5.0 RC2
Description A Memory Corruption issue was discovered in the cmsgpack library of the Lua subsystem due to stack-based buffer overflows. This issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Redis versions prior to 3.2.12, update to version 3.2.12 or later. For Redis versions 4.x prior to 4.0.10, update to version 4.0.10 or later. For Redis versions 5.x prior to 5.0 RC2, update to version 5.0 RC2 or later.

Exploit

Correção

Memory Corruption

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-119

Identificadores relacionados

ALT-PU-2018-1906
BDU:2019-01775
CVE-2018-11218
DLA-1396-1
DSA-4230-1
MGASA-2018-0309
OPENSUSE-SU-2018_1802-1
OPENSUSE-SU-2024:11299-1
RHSA-2019:0052
RHSA-2019:0094
RHSA-2019:1860
SUSE-OU-2020:3291-1

Produtos afetados

Alt Linux
Redis
Suse