{"id":"CVE-2018-11218","details":"Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.","modified":"2026-04-16T01:37:53.860325278Z","published":"2018-06-17T17:29:00.277Z","related":["SUSE-OU-2020:3291-1","openSUSE-SU-2024:11299-1"],"references":[{"type":"ADVISORY","url":"http://antirez.com/news/119"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104553"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0052"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0094"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1860"},{"type":"ADVISORY","url":"https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3"},{"type":"ADVISORY","url":"https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"},{"type":"ADVISORY","url":"https://github.com/antirez/redis/issues/5017"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201908-04"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4230"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"FIX","url":"https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3"},{"type":"FIX","url":"https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"EVIDENCE","url":"http://antirez.com/news/119"},{"type":"EVIDENCE","url":"https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/antirez/redis","events":[{"introduced":"0"},{"fixed":"52a00201fca331217c3b4b8b634f6a0f57d6b7d3"},{"introduced":"0"},{"fixed":"5ccb6f7a791bf3490357b00a898885759d98bab0"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11218.json","vanir_signatures":[{"deprecated":false,"digest":{"line_hashes":["16911033430593959714276436254180720746","118647126258626533724160258916734123784","266997613451356111695635551196073534977"],"threshold":0.9},"source":"https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3","signature_version":"v1","id":"CVE-2018-11218-700a840d","signature_type":"Line","target":{"file":"deps/lua/src/lua_cmsgpack.c"}},{"deprecated":false,"digest":{"length":471,"function_hash":"311114601621233800883377513176254974414"},"source":"https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3","signature_version":"v1","target":{"file":"deps/lua/src/lua_cmsgpack.c","function":"mp_pack"},"signature_type":"Function","id":"CVE-2018-11218-d30d5814"}]}},{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"05b81d2b02578d432329c87c93f975e582d14c0e"},{"fixed":"556b2d2bee22d1307e696090c9be10fc10a47cd3"}]}],"versions":["4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11218.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}