CVE-2020-14147
published 2020-06-15CVE-2020-14147: An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis…
high7.7CVSS 3.1
AVNACLPRLUINSCCNINAH
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | redis | < redis 5:6.0.0-1 (bookworm) | redis 5:6.0.0-1 (bookworm) |
| msrc | cbl2_redis_5.0.5-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_redis_5.0.5-4_on_cbl_mariner_1.0 | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| redis | redis | >= 0 < 5:6.0.0-1 | 5:6.0.0-1 |
| redis | redis | >= 0 < 5:6.0.0-1 | 5:6.0.0-1 |
| redis | redis | >= 0 < 5:6.0.0-1 | 5:6.0.0-1 |
| redis | redis | >= 0 < 5:6.0.0-1 | 5:6.0.0-1 |
| redislabs | redis | < 5.0.9 | 5.0.9 |
| redislabs | redis | >= 6.0.0 < 6.0.3 | 6.0.3 |
| suse | linux_enterprise | — | — |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
osv7.5HIGH