user/redis: CVE-2020-14147: lua_struct.c getnum integer overflow
| Bugzilla ID | 314 |
| Alias(es) | CVE-2020-14147 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-22 23:14:09 -0500 |
| Modified | 2020-06-22 23:14:09 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/redis |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-14147 |
Description
CVE-2020-14147: https://nvd.nist.gov/vuln/detail/CVE-2020-14147
An integer overflow in the getnum function in lua_struct.c in Redis
before 6.0.3 allows context-dependent attackers with permission to run
Lua code in a Redis session to cause a denial of service (memory
corruption and application crash) or possibly bypass intended sandbox
restrictions via a large number, which triggers a stack-based buffer
overflow. NOTE: this issue exists because of a CVE-2015-8080
regression.
Introduced by https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
Fixed in >= 5.0.8 https://github.com/antirez/redis/commit/16b2d07f0a9b58027611dab7f97788d37cb5ab84