CVE-2018-11219
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
| Software | From | Fixed in |
|---|---|---|
| redislabs / redis | 5.0-rc1 | 5.0-rc1.x |
| redislabs / redis | - | 3.2.12 |
| redislabs / redis | 4.0 | 4.0.10 |
| debian / debian_linux | 9.0 | 9.0.x |
| oracle / communications_operations_monitor | 3.4 | 3.4.x |
| oracle / communications_operations_monitor | 4.0 | 4.0.x |
| redhat / openstack | 10 | 10.x |
| redhat / openstack | 13 | 13.x |
- http://antirez.com/news/119
- http://www.securityfocus.com/bid/104552
- https://access.redhat.com/errata/RHSA-2019:0052
- https://access.redhat.com/errata/RHSA-2019:0094
- https://access.redhat.com/errata/RHSA-2019:1860
- https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
- https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936
- https://github.com/antirez/redis/issues/5017
- https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
- https://security.gentoo.org/glsa/201908-04
- https://www.debian.org/security/2018/dsa-4230
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime