Bug 1173018 - (CVE-2020-14147) VUL-1: CVE-2020-14147: redis: integer overflow in getnum function in lua_struct.c
(CVE-2020-14147)
VUL-1: CVE-2020-14147: redis: integer overflow in getnum function in lua_stru...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.1
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/261587/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-06-17 07:02 UTC by Robert Frohl
Modified: 2020-07-27 00:16 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2020-06-17 07:02:56 UTC
CVE-2020-14147

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3
allows context-dependent attackers with permission to run Lua code in a Redis
session to cause a denial of service (memory corruption and application crash)
or possibly bypass intended sandbox restrictions via a large number, which
triggers a stack-based buffer overflow. NOTE: this issue exists because of a
CVE-2015-8080 regression.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14147
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14147.html
https://github.com/antirez/redis/pull/6875
https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14147
Comment 1 Robert Frohl 2020-06-17 07:03:54 UTC
still an issue for Leap 15.1, fixed in Tumbleweed and Leap 15.2.
Comment 3 Swamp Workflow Management 2020-07-23 10:14:46 UTC
openSUSE-SU-2020:1035-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1173018
CVE References: CVE-2020-14147
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    redis-4.0.14-24.1
Comment 4 Swamp Workflow Management 2020-07-23 10:16:57 UTC
openSUSE-SU-2020:1035-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1173018
CVE References: CVE-2020-14147
Sources used:
openSUSE Leap 15.1 (src):    redis-4.0.14-lp151.2.6.1
openSUSE Backports SLE-15-SP1 (src):    redis-4.0.14-bp151.3.6.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    redis-4.0.14-24.1
Comment 5 Andreas Stieger 2020-07-27 00:16:17 UTC
done