Lucene search

[email protected]NVD:CVE-2020-14147

HistoryJun 15, 2020 - 6:15 p.m.

CVE-2020-14147

2020-06-1518:15:14

CWE-190

CWE-787

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.827

Percentile

98.4%

JSON

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Affected configurations

Nvd

Node

redislabsredisRange<5.0.9

redislabsredisRange6.0.0–6.0.3

Node

oraclecommunications_operations_monitorMatch3.4

oraclecommunications_operations_monitorMatch4.1

oraclecommunications_operations_monitorMatch4.2

oraclecommunications_operations_monitorMatch4.3

Node

suselinux_enterpriseMatch12.0

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
redislabsredis*cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*
oraclecommunications_operations_monitor3.4cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
oraclecommunications_operations_monitor4.1cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
oraclecommunications_operations_monitor4.2cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
oraclecommunications_operations_monitor4.3cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
suselinux_enterprise12.0cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redislabs	redis	*	cpe:2.3:a:redislabs:redis::::::::
oracle	communications_operations_monitor	3.4	cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
oracle	communications_operations_monitor	4.1	cpe:2.3:a:oracle:communications_operations_monitor:4.1:::::::*
oracle	communications_operations_monitor	4.2	cpe:2.3:a:oracle:communications_operations_monitor:4.2:::::::*
oracle	communications_operations_monitor	4.3	cpe:2.3:a:oracle:communications_operations_monitor:4.3:::::::*
suse	linux_enterprise	12.0	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*