CVE-2018-12453 - Incorrect Type Conversion or Cast vulnerability in Redislabs Redis
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause a denial of service via an XGROUP command in which the key is not a stream.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | Redis 5.0 - Denial of Service. CVE-2018-12453. Dos exploit for Linux platform |
file | exploits/linux/dos/44908.txt |
id | EDB-ID:44908 |
last seen | 2018-06-20 |
modified | 2018-06-20 |
platform | linux |
port | |
published | 2018-06-20 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/44908/ |
title | Redis 5.0 - Denial of Service |
type | dos |
Packetstorm
data source | https://packetstormsecurity.com/files/download/148270/redis50-dos.txt |
id | PACKETSTORM:148270 |
last seen | 2018-06-23 |
published | 2018-06-21 |
reporter | Fakhri Zulkifli |
source | https://packetstormsecurity.com/files/148270/Redis-5.0-Denial-Of-Service.html |
title | Redis 5.0 Denial Of Service |
References
- https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5
- https://github.com/antirez/redis/commit/c04082cf138f1f51cedf05ee9ad36fb6763cafc6
- https://www.exploit-db.com/exploits/44908/