exploitDog

CVE-2020-14147

Published: 15 Jun 2020
Source: redhat
CVSS3: 7.7
EPSS: Low

Description

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Mitigation

There is no known mitigation for this issue; the flaw can only be resolved by applying updates.

Affected packages

Platform                                  Package         State          Advisory   Release
Red Hat Enterprise Linux 8                redis:5/redis   Will not fix
Red Hat OpenStack Platform 10 (Newton)    redis           Not affected
Red Hat OpenStack Platform 13 (Queens)    redis           Not affected

Additional information

Severity: Moderate
Weakness: CWE-190 (Integer Overflow or Wraparound)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1848539 (redis: integer overflow in the getnum function in lua_struct.c could lead to a DoS)

EPSS: 0.00271 (percentile: 50%), Low
CVSS3: 7.7 High

Related vulnerabilities

ubuntu, more than 5 years ago, CVSS3: 7.7 (same description as above)
nvd, more than 5 years ago, CVSS3: 7.7 (same description as above)
msrc, more than 5 years ago, CVSS3: 7.7 (same description as above)
debian, more than 5 years ago, CVSS3: 7.7 (same description as above)
suse-cvrf, more than 5 years ago: Security update for redis
