Vulnerabilities > CVE-2018-11219 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
redislabs
debian
oracle
redhat
CWE-190
critical
nessus

Summary

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

Vulnerable Configurations

Part Description Count
Application
Redislabs
202
Application
Oracle
2
Application
Redhat
2
OS
Debian
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4230.NASL
    descriptionMultiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id110571
    published2018-06-18
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110571
    titleDebian DSA-4230-1 : redis - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-667.NASL
    descriptionThis update for redis to 4.0.10 fixes the following issues : These security issues were fixed : - CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack (bsc#1097430). - CVE-2018-11219: Prevent integer overflow in Lua scripting (bsc#1097768). For Leap 42.3 and openSUSE SLE 12 backports this is a jump from 4.0.6. For additional details please see - https://raw.githubusercontent.com/antirez/redis/4.0.9/00-RELEASENOTES - https://raw.githubusercontent.com/antirez/redis/4.0.8/00-RELEASENOTES - https://raw.githubusercontent.com/antirez/redis/4.0.7/00-RELEASENOTES
    last seen2020-06-05
    modified2018-06-25
    plugin id110678
    published2018-06-25
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110678
    titleopenSUSE Security Update : redis (openSUSE-2018-667)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-04 (Redis: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127562
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127562
    titleGLSA-201908-04 : Redis: Multiple vulnerabilities
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0070_VIM.NASL
    descriptionAn update of the vim package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121965
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121965
    titlePhoton OS 2.0: Vim PHSA-2018-2.0-0070
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0156.NASL
    descriptionAn update of 'redis' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111940
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111940
    titlePhoton OS 1.0: Redis PHSA-2018-1.0-0156 (deprecated)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0156_REDIS.NASL
    descriptionAn update of the redis package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121854
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121854
    titlePhoton OS 1.0: Redis PHSA-2018-1.0-0156
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-481.NASL
    descriptionThis update for redis to 4.0.10 fixes the following issues : These security issues were fixed : - CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack (bsc#1097430). - CVE-2018-11219: Prevent integer overflow in Lua scripting (bsc#1097768). For Leap 42.3 and openSUSE SLE 12 backports this is a jump from 4.0.6. For additional details please see - https://raw.githubusercontent.com/antirez/redis/4.0.9/00-RELEASENOTES - https://raw.githubusercontent.com/antirez/redis/4.0.8/00-RELEASENOTES - https://raw.githubusercontent.com/antirez/redis/4.0.7/00-RELEASENOTES
    last seen2020-05-31
    modified2019-03-27
    plugin id123199
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123199
    titleopenSUSE Security Update : redis (openSUSE-2019-481)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0070.NASL
    descriptionAn update of 'redis', 'vim' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111955
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111955
    titlePhoton OS 2.0: Redis / Vim PHSA-2018-2.0-0070 (deprecated)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0070_REDIS.NASL
    descriptionAn update of the redis package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121964
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121964
    titlePhoton OS 2.0: Redis PHSA-2018-2.0-0070

Redhat

advisories
  • rhsa
    idRHSA-2019:0052
  • rhsa
    idRHSA-2019:0094
  • rhsa
    idRHSA-2019:1860
rpms
  • redis-0:3.0.6-4.el7ost
  • redis-debuginfo-0:3.0.6-4.el7ost
  • redis-0:3.2.8-3.el7ost
  • redis-debuginfo-0:3.2.8-3.el7ost
  • rh-redis32-redis-0:3.2.13-1.el6
  • rh-redis32-redis-0:3.2.13-1.el7
  • rh-redis32-redis-debuginfo-0:3.2.13-1.el6
  • rh-redis32-redis-debuginfo-0:3.2.13-1.el7