{"id":"CVE-2018-11219","details":"An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.","modified":"2026-04-16T06:22:03.080835486Z","published":"2018-06-17T17:29:00.337Z","related":["SUSE-OU-2020:3291-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104552"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0052"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0094"},{"type":"ADVISORY","url":"https://github.com/antirez/redis/issues/5017"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201908-04"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4230"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1860"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"},{"type":"FIX","url":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3"},{"type":"FIX","url":"https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"EVIDENCE","url":"http://antirez.com/news/119"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/antirez/redis","events":[{"introduced":"0"},{"fixed":"1eb08bcd4634ae42ec45e8284923ac048beaa4c3"},{"fixed":"e89086e09a38cc6713bcd4b9c29abf92cf393936"}]},{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"0"},{"fixed":"590f537420e81832c3893418e608cd6ab3cc7c5f"},{"introduced":"05b81d2b02578d432329c87c93f975e582d14c0e"},{"fixed":"556b2d2bee22d1307e696090c9be10fc10a47cd3"},{"introduced":"0"},{"last_affected":"2ee4a1c9806aab459d05e60751e07d86a4bebd78"},{"introduced":"0"},{"last_affected":"05b81d2b02578d432329c87c93f975e582d14c0e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.2.12"},{"introduced":"4.0"},{"fixed":"4.0.10"},{"introduced":"0"},{"last_affected":"5.0-rc1"},{"introduced":"0"},{"last_affected":"4.0"}]}}],"versions":["1.3.6","2.2-alpha0","2.2-alpha1","2.2-alpha2","2.2-alpha3","2.2-alpha4","2.2-alpha5","2.2-alpha6","2.2.0-rc1","2.3-alpha0","3.2-rc1","3.2.0","3.2.0-rc2","3.2.0-rc3","3.2.1","3.2.10","3.2.11","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","5.0-rc1","v1.3.10","v1.3.11","v1.3.7","v1.3.8","v1.3.9","v2.0.0-rc1","v2.1.1-watch","vm-playpen"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4"}]},{"events":[{"introduced":"0"},{"last_affected":"10"}]},{"events":[{"introduced":"0"},{"last_affected":"13"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11219.json","vanir_signatures_modified":"2026-04-11T06:58:37Z","vanir_signatures":[{"digest":{"length":1801,"function_hash":"156998582815863949110707897650570902038"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2018-11219-2fb3402e","target":{"function":"b_unpack","file":"deps/lua/src/lua_struct.c"}},{"digest":{"length":380,"function_hash":"212353940668053933632077966106377345980"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2018-11219-577231ed","target":{"function":"getnum","file":"deps/lua/src/lua_struct.c"}},{"digest":{"length":543,"function_hash":"209148936099144138409285023791391343778"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2018-11219-b43d06ac","target":{"function":"controloptions","file":"deps/lua/src/lua_struct.c"}},{"digest":{"length":663,"function_hash":"145616438999787387902890994110005036109"},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","signature_type":"Function","target":{"function":"optsize","file":"deps/lua/src/lua_struct.c"},"signature_version":"v1","id":"CVE-2018-11219-eec1e6df","deprecated":false},{"digest":{"line_hashes":["298580714090721287723395818138119191421","252260118326799049191156181394685749318","140212443415647500912109205308826769500","47010833300303086681847101454590249461","2250722161879345816330442566485950611","291778318289862582589671380180879160640","334836077840905045155583947536240977132","75257252756429438366239461806916592544","328810329053557788914453396839483306372","128854904967302558653028066436045146216","18412046823770042382161477427479286047","61915029324611414734672095656655490873","194538167452478719857363951948039156123","219285841976367303374237696455245299327","130487431531773260282343331813662805546","62896359733481919104079431318740588747","79844671906440840823825256474367351454","82136349130077275828760951476966216953","322234568658267143906843575519826420808","139114028757505796482812688056023538966","289225860499092828678937269241542432163","77797580407604165072230177310498680959","168373412945031965907402107476021133992","108037414154487157696867202164748404445","208356851892411336592574217935585386516","47106722993918210117544422346340290358","21791877383518593155678106108791587978","20850546642795143188783712065105233341","163727175024992955792878788276909825715","108973603913098139983073012818738577869","15499872908595194586740821170849301573","169145434793424387054515110403785948365","59519322099621665956313398082796312715","301212329898690295042520218826794492500","140941388783461090503284320953709146797","141227304176044902484071393133233614897","144306291186590211077217811039990636776","106027017699778854473997237118722823636","267131521315032103563808361970758675778","1714716726188693615910796499974461902","169121770171529514691400166416816981226","123352208524936969230347592533202474306","285056854302858864433770168163440928731","223785330780789148016638103554505257989","290566257827539859525725047573530567630","25356015284263783552842320814865837727","238724153312891801286838161365304137833","246387191399888482141130178491137180089","60701822861080839838778561027141136119","280559594410255015805833660383253397132","131908187563153626998711924334711208345","236402879666547886027996341604403112145","318998145842192375326652381232556953270","28593654267163811115470499126755452487","249633165904829054090068913476207506134","272457109871804795909408145004251813287","161816937436399734229004187364207164125","336370852992307680526196505451131149509","259581184911959757255766743345245264089","149796673275637912553687467612606701156","45832761761244833252541380849002175680","33937314411747762345124812805300971355","237318707970637163863278359279516144105","13584478558334836220353399003482400890","182221358021094585680422976102204927077","237023239954917320437254265112690021081","165506645965077670135472079513144121245","171952448348829799112676502898043350451","83898518539303761145707659292340160913","165870156833943621846292022824591794500","281885183428382963268704658206933507576","85896486230917866628400087274038490965","48369128971045397324653364454054827249","220000325575662767371133681217059151959","325466934575822102384521846024203885276"],"threshold":0.9},"source":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3","signature_type":"Line","target":{"file":"deps/lua/src/lua_struct.c"},"signature_version":"v1","id":"CVE-2018-11219-f066305b","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}