CVE-2020-14147

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-14147
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14147.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-14147
Downstream
Related
Published
2020-06-15T18:15:14Z
Modified
2025-10-24T04:26:29.057855Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
[none]
Details

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 535.0,
            "function_hash": "285556551804856358181809971858790846830"
        },
        "target": {
            "function": "controloptions",
            "file": "deps/lua/src/lua_struct.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
        "id": "CVE-2020-14147-1c9f15ff"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "target": {
            "file": "deps/lua/src/lua_struct.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
        "id": "CVE-2020-14147-8ad6483a"
    },
    {
        "digest": {
            "length": 647.0,
            "function_hash": "4084196643356696974733906552222450367"
        },
        "target": {
            "function": "optsize",
            "file": "deps/lua/src/lua_struct.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
        "id": "CVE-2020-14147-a8de9166"
    },
    {
        "digest": {
            "length": 238.0,
            "function_hash": "135527645391249101043499856436152069482"
        },
        "target": {
            "function": "getnum",
            "file": "deps/lua/src/lua_struct.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
        "id": "CVE-2020-14147-c76f01ae"
    }
]

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.3.6

2.*

2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0

3.*

3.0-alpha0

5.*

5.0-rc1
5.0-rc2
5.0-rc3
5.0-rc4
5.0-rc5
5.0-rc6
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8

v1.*

v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9

v2.*

v2.0.0-rc1
v2.1.1-watch

Other

vm-playpen
with-deprecated-diskstore