Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-14147

Опубликовано: 15 июн. 2020
Источник: nvd
CVSS3: 7.7
CVSS2: 4
EPSS Низкий

Описание

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*
Версия до 5.0.9 (исключая)
cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*
Версия от 6.0.0 (включая) до 6.0.3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00271
Низкий

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2020-14147

CVSS3: 7.7
ubuntu
больше 5 лет назад

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

redhat логотип

CVE-2020-14147

CVSS3: 7.7
redhat
больше 5 лет назад

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

msrc логотип

CVE-2020-14147

CVSS3: 7.7
msrc
больше 5 лет назад

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

debian логотип

CVE-2020-14147

CVSS3: 7.7
debian
больше 5 лет назад

An integer overflow in the getnum function in lua_struct.c in Redis be ...

suse-cvrf логотип

openSUSE-SU-2020:1035-1

suse-cvrf
больше 5 лет назад

Security update for redis

EPSS

Процентиль: 50%
0.00271
Низкий

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-190