{"id":"CVE-2018-11219","details":"An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.","modified":"2026-02-23T08:09:34.031232Z","published":"2018-06-17T17:29:00.337Z","related":["MGASA-2018-0309","SUSE-OU-2020:3291-1"],"references":[{"type":"ADVISORY","url":"http://antirez.com/news/119"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104552"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0052"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0094"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1860"},{"type":"ADVISORY","url":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3"},{"type":"ADVISORY","url":"https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936"},{"type":"ADVISORY","url":"https://github.com/antirez/redis/issues/5017"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201908-04"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4230"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"FIX","url":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3"},{"type":"FIX","url":"https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"EVIDENCE","url":"http://antirez.com/news/119"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/antirez/redis","events":[{"introduced":"0"},{"fixed":"1eb08bcd4634ae42ec45e8284923ac048beaa4c3"},{"introduced":"0"},{"fixed":"e89086e09a38cc6713bcd4b9c29abf92cf393936"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11219.json","vanir_signatures":[{"deprecated":false,"target":{"file":"deps/lua/src/lua_struct.c","function":"b_unpack"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","digest":{"length":1801,"function_hash":"156998582815863949110707897650570902038"},"signature_type":"Function","signature_version":"v1","id":"CVE-2018-11219-2fb3402e"},{"deprecated":false,"target":{"file":"deps/lua/src/lua_struct.c","function":"getnum"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","digest":{"length":380,"function_hash":"212353940668053933632077966106377345980"},"signature_type":"Function","signature_version":"v1","id":"CVE-2018-11219-577231ed"},{"deprecated":false,"target":{"file":"deps/lua/src/lua_struct.c","function":"controloptions"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","digest":{"length":543,"function_hash":"209148936099144138409285023791391343778"},"signature_type":"Function","signature_version":"v1","id":"CVE-2018-11219-b43d06ac"},{"deprecated":false,"target":{"file":"deps/lua/src/lua_struct.c"},"source":"https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936","digest":{"line_hashes":["168373412945031965907402107476021133992","272892044190705700062078611022644439720","228525912110099120508736223999310695761","321520925076184132553555696685380867844","226344970104587219991467285567669909782","35370939124402886622055283277166362346","163727175024992955792878788276909825715","108973603913098139983073012818738577869","125225676376570264547547046434583771890","254314493613157949922272427441939407280","156735679060301618822301251734847552268"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","id":"CVE-2018-11219-bf7a3089"},{"deprecated":false,"target":{"file":"deps/lua/src/lua_struct.c","function":"optsize"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","digest":{"length":663,"function_hash":"145616438999787387902890994110005036109"},"signature_type":"Function","signature_version":"v1","id":"CVE-2018-11219-eec1e6df"},{"deprecated":false,"target":{"file":"deps/lua/src/lua_struct.c","function":"b_unpack"},"source":"https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936","digest":{"length":1857,"function_hash":"54993881097897325813917195284184958249"},"signature_type":"Function","signature_version":"v1","id":"CVE-2018-11219-efe5af0a"},{"deprecated":false,"target":{"file":"deps/lua/src/lua_struct.c"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","digest":{"line_hashes":["298580714090721287723395818138119191421","252260118326799049191156181394685749318","140212443415647500912109205308826769500","47010833300303086681847101454590249461","2250722161879345816330442566485950611","291778318289862582589671380180879160640","334836077840905045155583947536240977132","75257252756429438366239461806916592544","328810329053557788914453396839483306372","128854904967302558653028066436045146216","18412046823770042382161477427479286047","61915029324611414734672095656655490873","194538167452478719857363951948039156123","219285841976367303374237696455245299327","130487431531773260282343331813662805546","62896359733481919104079431318740588747","79844671906440840823825256474367351454","82136349130077275828760951476966216953","322234568658267143906843575519826420808","139114028757505796482812688056023538966","289225860499092828678937269241542432163","77797580407604165072230177310498680959","168373412945031965907402107476021133992","108037414154487157696867202164748404445","208356851892411336592574217935585386516","47106722993918210117544422346340290358","21791877383518593155678106108791587978","20850546642795143188783712065105233341","163727175024992955792878788276909825715","108973603913098139983073012818738577869","15499872908595194586740821170849301573","169145434793424387054515110403785948365","59519322099621665956313398082796312715","301212329898690295042520218826794492500","140941388783461090503284320953709146797","141227304176044902484071393133233614897","144306291186590211077217811039990636776","106027017699778854473997237118722823636","267131521315032103563808361970758675778","1714716726188693615910796499974461902","169121770171529514691400166416816981226","123352208524936969230347592533202474306","285056854302858864433770168163440928731","223785330780789148016638103554505257989","290566257827539859525725047573530567630","25356015284263783552842320814865837727","238724153312891801286838161365304137833","246387191399888482141130178491137180089","60701822861080839838778561027141136119","280559594410255015805833660383253397132","131908187563153626998711924334711208345","236402879666547886027996341604403112145","318998145842192375326652381232556953270","28593654267163811115470499126755452487","249633165904829054090068913476207506134","272457109871804795909408145004251813287","161816937436399734229004187364207164125","336370852992307680526196505451131149509","259581184911959757255766743345245264089","149796673275637912553687467612606701156","45832761761244833252541380849002175680","33937314411747762345124812805300971355","237318707970637163863278359279516144105","13584478558334836220353399003482400890","182221358021094585680422976102204927077","237023239954917320437254265112690021081","165506645965077670135472079513144121245","171952448348829799112676502898043350451","83898518539303761145707659292340160913","165870156833943621846292022824591794500","281885183428382963268704658206933507576","85896486230917866628400087274038490965","48369128971045397324653364454054827249","220000325575662767371133681217059151959","325466934575822102384521846024203885276"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","id":"CVE-2018-11219-f066305b"}]}},{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"05b81d2b02578d432329c87c93f975e582d14c0e"},{"fixed":"556b2d2bee22d1307e696090c9be10fc10a47cd3"}]}],"versions":["4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11219.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}