CVE-2018-12326

Name: CVE-2018-12326
Creator: NVD / NIST
Published: 2018-06-17T14:29:00.26+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.68%

Last modified Jun 17, 2026

CVE-2018-12326 is a vulnerability of currently unknown severity. Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.. EPSS estimates a 2.68% chance of exploitation in the next 30 days.

Description

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.

Metrics

EPSS Probability

2.68%

83.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Redislabs	Redis	< 4.0.10	—
Redislabs	Redis	5.0	Rc1

References

https://access.redhat.com/errata/RHSA-2019:0052
https://access.redhat.com/errata/RHSA-2019:0094
https://access.redhat.com/errata/RHSA-2019:1860
https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0Third Party Advisory
https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50Patch, Third Party Advisory
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTESPatch, Third Party Advisory
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTESPatch, Third Party Advisory
https://www.exploit-db.com/exploits/44904/Exploit, Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2019:0052
https://access.redhat.com/errata/RHSA-2019:0094
https://access.redhat.com/errata/RHSA-2019:1860
https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0Third Party Advisory
https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50Patch, Third Party Advisory
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTESPatch, Third Party Advisory
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTESPatch, Third Party Advisory
https://www.exploit-db.com/exploits/44904/Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Jun 17, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-12326?

How severe is CVE-2018-12326?

Severity scoring for CVE-2018-12326 is pending analysis. The EPSS model estimates a 2.68% probability of exploitation in the next 30 days.

How do I fix CVE-2018-12326?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-12326?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST