#VU13401 Buffer overflow in Redis - CVE-2018-12326
Published: June 19, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU13401
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Clear
CVE-ID: CVE-2018-12326
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Redis
Redis
Software vendor:
Salvatore Sanfilippo
Salvatore Sanfilippo
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a buffer overflow condition in the redis-clicomponent. A local attacker can execute a specially crafted command that submits malicious input, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Update to version 4.0.10, 5.0 RC3.