{"id":"CVE-2018-12326","details":"Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.","modified":"2026-02-21T07:21:41.481248Z","published":"2018-06-17T14:29:00.260Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0052"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0094"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1860"},{"type":"ADVISORY","url":"https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0"},{"type":"ADVISORY","url":"https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/44904/"},{"type":"FIX","url":"https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50"},{"type":"FIX","url":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"},{"type":"FIX","url":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/44904/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/antirez/redis","events":[{"introduced":"0"},{"fixed":"9fdcc15962f9ff4baebe6fdd947816f43f730d50"}]}],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2018-12326-0f5a0e11","digest":{"length":537,"function_hash":"146144452659066842643855273798132026598"},"target":{"function":"cliRefreshPrompt","file":"src/redis-cli.c"},"source":"https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"id":"CVE-2018-12326-9732fa61","digest":{"threshold":0.9,"line_hashes":["146264985553595089145888339228984694289","113754568195038235696637820371386473616","224911718037559361398808131730777104524","134658735481029258007295347194332157557","21567913034220869488508823767117699260","296618262718945337247626838152582925210","82872893145819204693760210741615528741","178152789952146131277788812814427986525","35565501370380585105578981504713198831","185859955516836619073481433019209676413","141760063213812449782793380496342905096","249660733661301555995076314996295137465","215039319072738157660098692135707269863","41518852328670001634063818553895915199","124095596589395108240262028786891795258"]},"target":{"file":"src/redis-cli.c"},"source":"https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50","signature_version":"v1","signature_type":"Line"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-12326.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}