CVE-2018-12453 - Incorrect Type Conversion or Cast vulnerability in Redislabs Redis

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
network
low complexity
redislabs
CWE-704
exploit available

Summary

Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause a denial of service via an XGROUP command in which the key is not a stream.

Vulnerable Configurations

Part: Application
Description: Redislabs
Count: 208

Common Weakness Enumeration (CWE)

Exploit-Db

description: Redis 5.0 - Denial of Service. CVE-2018-12453. DoS exploit for Linux platform
file: exploits/linux/dos/44908.txt
id: EDB-ID:44908
last seen: 2018-06-20
modified: 2018-06-20
platform: linux
port:
published: 2018-06-20
reporter: Exploit-DB
source: https://www.exploit-db.com/download/44908/
title: Redis 5.0 - Denial of Service
type: dos

Packetstorm

data source: https://packetstormsecurity.com/files/download/148270/redis50-dos.txt
id: PACKETSTORM:148270
last seen: 2018-06-23
published: 2018-06-21
reporter: Fakhri Zulkifli
source: https://packetstormsecurity.com/files/148270/Redis-5.0-Denial-Of-Service.html
title: Redis 5.0 Denial Of Service