Vulnerability Name:

CVE-2020-14147 (CCN-183518)

Assigned:2020-02-10
Published:2020-02-10
Updated:2021-07-30
Summary:An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
Note: this issue exists because of a CVE-2015-8080 regression.
CVSS v3 Severity:7.7 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-787
CWE-190
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-14147

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1035

Source: XF
Type: UNKNOWN
redis-cve202014147-dos(183518)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571

Source: CCN
Type: Redis GIT Repository
revisit CVE-2015-8080 vulnerability #6875

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/antirez/redis/pull/6875

Source: GENTOO
Type: Third Party Advisory
GLSA-202008-17

Source: DEBIAN
Type: Third Party Advisory
DSA-4731

Source: CCN
Type: IBM Security Bulletin 6255638 (Watson Knowledge Catalog for IBM Cloud Pak for Data)
Possible denial of service attack affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6338475 (Event Streams)
IBM Event Streams is affected by a Redis vulnerability (CVE-2020-14147)

Source: CCN
Type: IBM Security Bulletin 6339123 (Cloud Event Management)
Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability (CVE-2020-14147)

Source: CCN
Type: IBM Security Bulletin 6342861 (DataPower Gateway)
IBM DataPower Gateway is potentially vulnerable to a Denial of Service (CVE-2020-14147)

Source: CCN
Type: IBM Security Bulletin 6466435 (Spectrum Protect Plus)
Vulnerabilities in Redis, MinIO, Golang, and Urllib3 affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift

Source: CCN
Type: Oracle CPUJan2021
Oracle Critical Patch Update Advisory - January 2021

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:redislabs:redis:*:*:*:*:*:*:*:* (Version < 5.0.9)
  • OR cpe:/a:redislabs:redis:*:*:*:*:*:*:*:* (Version >= 6.0.0 and < 6.0.3)

  • Configuration 2:
  • cpe:/a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:redislabs:redis:6.0.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:2018.4.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202014147
    V
    CVE-2020-14147
    2021-10-24
    oval:org.opensuse.security:def:74381
    P
    Security update for webkit2gtk3 (Important)
    2021-10-12
    oval:org.opensuse.security:def:62773
    P
    libXt6-32bit-1.1.5-2.24 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63618
    P
    gnome-photos-3.34.1-1.62 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:64441
    P
    Security update for xen (Important)
    2020-12-03
    oval:org.opensuse.security:def:62596
    P
    perl-Tk-804.034-1.44 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63052
    P
    python2-numpy-gnu-hpc-1.14.0-4.5.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62572
    P
    libopus-devel-1.2.1-1.29 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63392
    P
    nodejs8-8.11.1-1.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63254
    P
    apache2-mod_security2-2.9.2-1.34 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62573
    P
    libpango-1_0-0-32bit-1.40.14-3.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:64287
    P
    kernel-firmware on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25116
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64079
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25324
    P
    Security update for bcm43xx-firmware (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74507
    P
    Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25756
    P
    Security update for python, python-base, python-doc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25465
    P
    Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:25814
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25668
    P
    Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25052
    P
    Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26487
    P
    Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64329
    P
    libgtk-vnc-2_0-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63945
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25243
    P
    Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25041
    P
    Security update for libpcap (Important)
    2020-12-01
    oval:org.opensuse.security:def:64185
    P
    Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:25381
    P
    Security update for java-1_8_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25770
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25615
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:26452
    P
    Security update for phpMyAdmin (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:93494
    P
    Security update for redis (Moderate)
    2020-07-23
    oval:org.opensuse.security:def:100207
    P
    Security update for redis (Moderate)
    2020-07-23
    oval:org.opensuse.security:def:110131
    P
    Security update for redis (Moderate)
    2020-07-23
    BACK
    redislabs redis *
    redislabs redis *
    oracle communications operations monitor 3.4
    oracle communications operations monitor 4.1
    oracle communications operations monitor 4.2
    oracle communications operations monitor 4.3
    suse linux enterprise 12.0
    debian debian linux 10.0
    redislabs redis 6.0.2
    ibm datapower gateway 2018.4.1.0
    oracle communications operations monitor 3.4
    ibm spectrum protect plus 10.1.6
    ibm event streams 10.0.0
    ibm datapower gateway 2018.4.1.12
    ibm datapower gateway 10.0.0.0
    ibm spectrum protect plus 10.1.7
    ibm spectrum protect plus 10.1.5