CVE-2018-12326
CVE-2018-12326
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/spasm5/CVE-2018-12326★ 0cve_referencewww.exploit-db.com/exploits/44904/unverifiedexploitdbwww.exploit-db.com/exploits/44904unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2019:0052https://access.redhat.com/errata/RHSA-2019:0094https://access.redhat.com/errata/RHSA-2019:1860https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTEShttps://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTEShttps://www.exploit-db.com/exploits/44904/