user/redis: CVE-2020-14147: lua_struct.c getnum integer overflow
Bugzilla ID | 314 |
Alias(es) | CVE-2020-14147 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-06-22 23:14:09 -0500 |
Modified | 2020-06-22 23:14:09 -0500 |
Status | CONFIRMED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | user/redis |
URL | https://nvd.nist.gov/vuln/detail/CVE-2020-14147 |
Description
CVE-2020-14147: https://nvd.nist.gov/vuln/detail/CVE-2020-14147
An integer overflow in the getnum function in lua_struct.c in Redis
before 6.0.3 allows context-dependent attackers with permission to run
Lua code in a Redis session to cause a denial of service (memory
corruption and application crash) or possibly bypass intended sandbox
restrictions via a large number, which triggers a stack-based buffer
overflow. NOTE: this issue exists because of a CVE-2015-8080
regression.
Introduced by: https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
Fixed in >= 5.0.8: https://github.com/antirez/redis/commit/16b2d07f0a9b58027611dab7f97788d37cb5ab84
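The bug class the description refers to (a decimal size prefix accumulated into an int without an overflow check, so a long run of attacker-supplied digits wraps to a small or negative size that is later used for a stack buffer) can be reproduced in isolation. The following is an added illustration written for this report; it is not the Redis or Lua lua_struct.c source, and the names getnum_unchecked, getnum_checked, parse_unchecked and parse_checked, the default-value argument and the -1 overflow sentinel are assumptions chosen for the demo:

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Illustrative unchecked accumulator in the style of a struct-library
 * getnum(): reads an optional decimal size prefix from a format string and
 * returns `df` if no digits are present. The accumulator is unsigned only so
 * the wraparound is well defined for the demo; the real hazard is that the
 * wrapped value is returned as a size without any range check.
 * (Hypothetical code, not the Redis/Lua implementation.) */
static int getnum_unchecked(const char **fmt, int df) {
  if (!isdigit((unsigned char)**fmt)) return df;
  unsigned int a = 0;
  do {
    a = a * 10 + (unsigned int)(*((*fmt)++) - '0');   /* wraps mod 2^32 */
  } while (isdigit((unsigned char)**fmt));
  return (int)a;                                       /* bogus size escapes */
}

/* Hardened variant: refuse the digit that would push the value past
 * INT_MAX and return -1 so the caller can reject the whole format string
 * instead of sizing a buffer from a wrapped number. */
static int getnum_checked(const char **fmt, int df) {
  if (!isdigit((unsigned char)**fmt)) return df;
  int a = 0;
  do {
    int d = *((*fmt)++) - '0';
    if (a > INT_MAX / 10 || a * 10 > INT_MAX - d) return -1;
    a = a * 10 + d;
  } while (isdigit((unsigned char)**fmt));
  return a;
}

/* Thin wrappers so a caller (or a test) can parse a string directly;
 * a default size of 1 is assumed when the string has no digit prefix. */
int parse_unchecked(const char *s) { const char *p = s; return getnum_unchecked(&p, 1); }
int parse_checked(const char *s)   { const char *p = s; return getnum_checked(&p, 1); }

int main(void) {
  /* Constructed inputs: 4294967297 is 2^32 + 1, so the unchecked parser
   * silently turns an attacker-chosen size into 1, while the checked parser
   * rejects it. */
  const char *inputs[] = { "42i", "2147483647", "2147483648", "4294967297", "i" };
  for (unsigned i = 0; i < sizeof inputs / sizeof *inputs; i++)
    printf("%-12s unchecked=%d checked=%d\n",
           inputs[i], parse_unchecked(inputs[i]), parse_checked(inputs[i]));
  return 0;
}
```

The point for a packager reviewing a backport is that the regression is exactly the removal of the bounds test in the second function: the first function is what the code degrades to once that test is gone, and any check placed after the call (for example comparing the returned size against a buffer length) cannot recover, because the wrapped value already looks plausible.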