cvelistv5 - CVE-2020-14147

CVE-2020-14147 (GCVE-0-2020-14147)

Vulnerability from cvelistv5

Published

2020-06-15 16:52

Modified

2024-08-04 12:39

Severity ?

CWE

Summary

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CERTFR-2021-AVI-490

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans IBM Spectrum Protect. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Spectrum	IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.8.1

References

Title

Publication Time

fkie_cve-2020-14147

Vulnerability from fkie_nvd

Published

2020-06-15 18:15

Modified

2024-11-21 05:02

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html	Mailing List, Third Party Advisory
cve@mitre.org	https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571	Patch, Third Party Advisory
cve@mitre.org	https://github.com/antirez/redis/pull/6875	Patch, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202008-17	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4731	Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/antirez/redis/pull/6875	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-17	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4731	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory

Impacted products

Vendor	Product	Version
redislabs	redis	*
redislabs	redis	*
oracle	communications_operations_monitor	3.4
oracle	communications_operations_monitor	4.1
oracle	communications_operations_monitor	4.2
oracle	communications_operations_monitor	4.3
suse	linux_enterprise	12.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3DB17EB-A894-4DF8-BF74-C9514C05E0DB",
              "versionEndExcluding": "5.0.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4050F12D-ECAE-47FD-A9DF-D63DC8591A9B",
              "versionEndExcluding": "6.0.3",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF30C76E-7E58-4D76-89A8-53405685DA86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de enteros en la funci\u00f3n getnum en el archivo lua_struct.c en Redis versiones anteriores a 6.0.3, permite a atacantes dependiendo del contexto, con permiso para ejecutar el c\u00f3digo Lua en una sesi\u00f3n de Redis, causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria y bloqueo de la aplicaci\u00f3n) o posiblemente omitir las restricciones del sandbox previstas por medio de un n\u00famero grande, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la pila. NOTA: este problema se presenta debido a una regresi\u00f3n de CVE-2015-8080"
    }
  ],
  "id": "CVE-2020-14147",
  "lastModified": "2024-11-21T05:02:44.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-15T18:15:14.990",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/antirez/redis/pull/6875"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/antirez/redis/pull/6875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-5q54-rrmc-9jrp

Vulnerability from github

Published

2022-05-24 17:20

Modified

2022-05-24 17:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-15T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
  "id": "GHSA-5q54-rrmc-9jrp",
  "modified": "2022-05-24T17:20:32Z",
  "published": "2022-05-24T17:20:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://github.com/antirez/redis/pull/6875"
    },
    {
      "type": "WEB",
      "url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202008-17"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4731"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

msrc_cve-2020-14147

Vulnerability from csaf_microsoft

Published

2020-06-02 00:00

Modified

2021-12-16 00:00

Summary

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2020-14147 An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-14147.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
    "tracking": {
      "current_release_date": "2021-12-16T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T17:54:46.581Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2020-14147",
      "initial_release_date": "2020-06-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-08-18T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2021-12-16T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added redis to CBL-Mariner 2.0"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 redis 5.0.5-4",
                "product": {
                  "name": "\u003ccm1 redis 5.0.5-4",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 redis 5.0.5-4",
                "product": {
                  "name": "cm1 redis 5.0.5-4",
                  "product_id": "19183"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 redis 5.0.5-7",
                "product": {
                  "name": "\u003ccbl2 redis 5.0.5-7",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 redis 5.0.5-7",
                "product": {
                  "name": "cbl2 redis 5.0.5-7",
                  "product_id": "19069"
                }
              }
            ],
            "category": "product_name",
            "name": "redis"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 redis 5.0.5-4 as a component of CBL Mariner 1.0",
          "product_id": "16820-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 redis 5.0.5-4 as a component of CBL Mariner 1.0",
          "product_id": "19183-16820"
        },
        "product_reference": "19183",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 redis 5.0.5-7 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 redis 5.0.5-7 as a component of CBL Mariner 2.0",
          "product_id": "19069-17086"
        },
        "product_reference": "19069",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14147",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "19183-16820",
          "19069-17086"
        ],
        "known_affected": [
          "16820-1",
          "17086-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-14147 An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-14147.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-08-18T00:00:00.000Z",
          "details": "5.0.5-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2020-08-18T00:00:00.000Z",
          "details": "5.0.5-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 7.7,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "16820-1",
            "17086-2"
          ]
        }
      ],
      "title": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
    }
  ]
}

opensuse-su-2020:1035-1

Vulnerability from csaf_opensuse

Published

2020-07-23 04:21

Modified

2020-07-23 04:21

Summary

Security update for redis

Notes

Title of the patch

Security update for redis

Description of the patch

This update for redis fixes the following issues: - CVE-2020-14147: Context dependent attackers with permission to run Lua code in a Redis session could have caused a denial of service (memory corruption and application crash) or possibly bypass sandbox restrictions (boo#1173018)

Patchnames

openSUSE-2020-1035

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for redis",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for redis fixes the following issues:\n\n- CVE-2020-14147: Context dependent attackers with permission to run Lua code in a \n  Redis session could have caused a denial of service (memory corruption and application crash)\n  or possibly bypass sandbox restrictions (boo#1173018)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-1035",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1035-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:1035-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RBFBAAVOV76B3CDCO55WND3VVZTYGO33/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:1035-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RBFBAAVOV76B3CDCO55WND3VVZTYGO33/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173018",
        "url": "https://bugzilla.suse.com/1173018"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14147 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14147/"
      }
    ],
    "title": "Security update for redis",
    "tracking": {
      "current_release_date": "2020-07-23T04:21:54Z",
      "generator": {
        "date": "2020-07-23T04:21:54Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:1035-1",
      "initial_release_date": "2020-07-23T04:21:54Z",
      "revision_history": [
        {
          "date": "2020-07-23T04:21:54Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redis-4.0.14-bp151.3.6.1.aarch64",
                "product": {
                  "name": "redis-4.0.14-bp151.3.6.1.aarch64",
                  "product_id": "redis-4.0.14-bp151.3.6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redis-4.0.14-bp151.3.6.1.ppc64le",
                "product": {
                  "name": "redis-4.0.14-bp151.3.6.1.ppc64le",
                  "product_id": "redis-4.0.14-bp151.3.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redis-4.0.14-bp151.3.6.1.s390x",
                "product": {
                  "name": "redis-4.0.14-bp151.3.6.1.s390x",
                  "product_id": "redis-4.0.14-bp151.3.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redis-4.0.14-bp151.3.6.1.x86_64",
                "product": {
                  "name": "redis-4.0.14-bp151.3.6.1.x86_64",
                  "product_id": "redis-4.0.14-bp151.3.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12",
                "product": {
                  "name": "SUSE Package Hub 12",
                  "product_id": "SUSE Package Hub 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP1",
                "product": {
                  "name": "SUSE Package Hub 15 SP1",
                  "product_id": "SUSE Package Hub 15 SP1"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.aarch64"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.ppc64le as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.ppc64le"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.s390x"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.x86_64"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.aarch64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.aarch64"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.ppc64le as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.ppc64le"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.s390x as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.s390x"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.x86_64"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.aarch64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.aarch64"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.ppc64le as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.ppc64le"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.s390x as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.s390x"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redis-4.0.14-bp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.x86_64"
        },
        "product_reference": "redis-4.0.14-bp151.3.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14147",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14147"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.aarch64",
          "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.ppc64le",
          "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.s390x",
          "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.x86_64",
          "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.aarch64",
          "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.ppc64le",
          "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.s390x",
          "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.x86_64",
          "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.aarch64",
          "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.ppc64le",
          "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.s390x",
          "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14147",
          "url": "https://www.suse.com/security/cve/CVE-2020-14147"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173018 for CVE-2020-14147",
          "url": "https://bugzilla.suse.com/1173018"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.aarch64",
            "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.ppc64le",
            "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.s390x",
            "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.x86_64",
            "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.aarch64",
            "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.ppc64le",
            "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.s390x",
            "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.aarch64",
            "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.ppc64le",
            "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.s390x",
            "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.aarch64",
            "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.ppc64le",
            "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.s390x",
            "SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1.x86_64",
            "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.aarch64",
            "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.ppc64le",
            "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.s390x",
            "SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.aarch64",
            "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.ppc64le",
            "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.s390x",
            "openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-23T04:21:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14147"
    }
  ]
}

gsd-2020-14147

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-14147

Aliases

CVE-2020-14147

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-14147",
    "description": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
    "id": "GSD-2020-14147",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-14147.html",
      "https://www.debian.org/security/2020/dsa-4731",
      "https://advisories.mageia.org/CVE-2020-14147.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-14147"
      ],
      "details": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
      "id": "GSD-2020-14147",
      "modified": "2023-12-13T01:22:00.089526Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-14147",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/antirez/redis/pull/6875",
            "refsource": "MISC",
            "url": "https://github.com/antirez/redis/pull/6875"
          },
          {
            "name": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
            "refsource": "MISC",
            "url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
          },
          {
            "name": "DSA-4731",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4731"
          },
          {
            "name": "openSUSE-SU-2020:1035",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
          },
          {
            "name": "GLSA-202008-17",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202008-17"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.3",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14147"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                },
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
            },
            {
              "name": "https://github.com/antirez/redis/pull/6875",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/antirez/redis/pull/6875"
            },
            {
              "name": "DSA-4731",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4731"
            },
            {
              "name": "openSUSE-SU-2020:1035",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
            },
            {
              "name": "GLSA-202008-17",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202008-17"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2021-07-30T13:59Z",
      "publishedDate": "2020-06-15T18:15Z"
    }
  }
}

cnvd-2021-25699

Vulnerability from cnvd

Title

Redis Labs Redis输入验证错误漏洞

Description

Redis Labs Redis是美国Redis Labs公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值（Key-Value）存储数据库，并提供多种语言的API。 Redis Labs Redis 6.0.3之前版本中的lua_struct.c文件的‘getnum’函数存在输入验证错误漏洞。远程攻击者可通过发送大量的特制命令利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Redis Labs Redis输入验证错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-14147

Impacted products

Name
Redis Labs Redis <6.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-14147"
    }
  },
  "description": "Redis Labs Redis\u662f\u7f8e\u56fdRedis Labs\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u4f7f\u7528ANSI C\u7f16\u5199\u3001\u652f\u6301\u7f51\u7edc\u3001\u53ef\u57fa\u4e8e\u5185\u5b58\u4ea6\u53ef\u6301\u4e45\u5316\u7684\u65e5\u5fd7\u578b\u3001\u952e\u503c\uff08Key-Value\uff09\u5b58\u50a8\u6570\u636e\u5e93\uff0c\u5e76\u63d0\u4f9b\u591a\u79cd\u8bed\u8a00\u7684API\u3002 \n\nRedis Labs Redis 6.0.3\u4e4b\u524d\u7248\u672c\u4e2d\u7684lua_struct.c\u6587\u4ef6\u7684\u2018getnum\u2019\u51fd\u6570\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5927\u91cf\u7684\u7279\u5236\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-25699",
  "openTime": "2021-04-08",
  "patchDescription": "Redis Labs Redis\u662f\u7f8e\u56fdRedis Labs\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u4f7f\u7528ANSI C\u7f16\u5199\u3001\u652f\u6301\u7f51\u7edc\u3001\u53ef\u57fa\u4e8e\u5185\u5b58\u4ea6\u53ef\u6301\u4e45\u5316\u7684\u65e5\u5fd7\u578b\u3001\u952e\u503c\uff08Key-Value\uff09\u5b58\u50a8\u6570\u636e\u5e93\uff0c\u5e76\u63d0\u4f9b\u591a\u79cd\u8bed\u8a00\u7684API\u3002 \r\n\r\nRedis Labs Redis 6.0.3\u4e4b\u524d\u7248\u672c\u4e2d\u7684lua_struct.c\u6587\u4ef6\u7684\u2018getnum\u2019\u51fd\u6570\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5927\u91cf\u7684\u7279\u5236\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Redis Labs Redis\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Redis Labs Redis \u003c6.0.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-16",
  "title": "Redis Labs Redis\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-14147 (GCVE-0-2020-14147)

Vulnerability from cvelistv5

CERTFR-2021-AVI-490

Vulnerability from certfr_avis

Solution

fkie_cve-2020-14147

Vulnerability from fkie_nvd

ghsa-5q54-rrmc-9jrp

Vulnerability from github

msrc_cve-2020-14147

Vulnerability from csaf_microsoft

opensuse-su-2020:1035-1

Vulnerability from csaf_opensuse

gsd-2020-14147

Vulnerability from gsd

cnvd-2021-25699

Vulnerability from cnvd

Tags

Sightings

Nomenclature