CVE-2018-12326

Name of the Vulnerable Software and Affected Versions Redis versions prior to 4.0.10 Redis versions 5.x prior to 5.0 RC3

Description The issue is related to a buffer overflow in the redis-cli interface of the Redis database management system. This buffer overflow is due to improper restriction of operations within a memory buffer. An attacker can exploit this issue by using a crafted command line, potentially leading to code execution, privilege escalation, and access to confidential data. The exploitation could also disrupt data integrity and cause a denial of service.

Recommendations For Redis versions prior to 4.0.10, update to version 4.0.10 or later. For Redis versions 5.x prior to 5.0 RC3, update to version 5.0 RC3 or later. As a temporary workaround, consider restricting the use of the redis-cli interface until a patch is applied. Avoid using the redis-cli with untrusted input, especially with arguments like hostname (-h) that could be manipulated by an attacker.