Candidate: CVE-2018-11219
PublicDate: 2018-06-17 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11219
 https://github.com/antirez/redis/issues/5017
 http://antirez.com/news/119
 https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
 https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936
 https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
 https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
 https://www.debian.org/security/2018/dsa-4230
Description:
 An Integer Overflow issue was discovered in the struct library in the Lua
 subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2,
 leading to a failure of bounds checking.
Ubuntu-Description:
 It was discovered that Redis incorrectly handled integers. An attacker could
 possibly use this issue to cause a denial of service.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901495
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_redis:
upstream_redis: released (5:4.0.10-1)
precise/esm_redis: DNE
trusty_redis: released (2:2.8.4-2ubuntu0.2)
trusty/esm_redis: released (2:2.8.4-2ubuntu0.2)
xenial_redis: released (2:3.0.6-1ubuntu0.2)
artful_redis: ignored (reached end-of-life)
bionic_redis: released (5:4.0.9-1ubuntu0.1)
cosmic_redis: not-affected (5:4.0.11-2)
devel_redis: not-affected (5:4.0.11-2)