Buffer overflow in Redis - CVE-2018-12326
Published: June 19, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU13401
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Clear
CVE-ID: CVE-2018-12326
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Salvatore Sanfilippo
Affected software:
Redis
Redis
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a buffer overflow condition in the redis-clicomponent. A local attacker can execute a specially crafted command that submits malicious input, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2018-12326
Update to version 4.0.10, 5.0 RC3.