CVE-2018-11218
CVE-2018-11218
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 58.5%KEV nãoPoC —Nuclei —Metasploit simPatch referenciado
Lifecycle
17 Jun 2018Published on NVD
13 Nov 2018Metasploit module available
Weaponization speed
148 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
Affected products
n/a · n/aReferences
http://antirez.com/news/119https://access.redhat.com/errata/RHSA-2019:0052https://access.redhat.com/errata/RHSA-2019:0094https://access.redhat.com/errata/RHSA-2019:1860https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0https://github.com/antirez/redis/issues/5017https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTEShttps://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTEShttps://security.gentoo.org/glsa/201908-04https://www.debian.org/security/2018/dsa-4230https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html