Vulnerability CVE-2020-14147

Vulnerability Name:

CVE-2020-14147 (CCN-183518)

Assigned:

2020-02-10

Published:

2020-02-10

Updated:

2021-07-30

Summary:

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
Note: this issue exists because of a CVE-2015-8080 regression.

CVSS v3 Severity:

7.7 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-787
CWE-190

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-14147

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1035

Source: XF
Type: UNKNOWN
redis-cve202014147-dos(183518)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571

Source: CCN
Type: Redis GIT Repository
revisit CVE-2015-8080 vulnerability #6875

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/antirez/redis/pull/6875

Source: GENTOO
Type: Third Party Advisory
GLSA-202008-17

Source: DEBIAN
Type: Third Party Advisory
DSA-4731

Source: CCN
Type: IBM Security Bulletin 6255638 (Watson Knowledge Catalog for IBM Cloud Pak for Data)
Possible denial of service attack affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6338475 (Event Streams)
IBM Event Streams is affected by a Redis vulnerability (CVE-2020-14147)

Source: CCN
Type: IBM Security Bulletin 6339123 (Cloud Event Management)
Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability (CVE-2020-14147)

Source: CCN
Type: IBM Security Bulletin 6342861 (DataPower Gateway)
IBM DataPower Gateway is potentially vulnerable to a Denial of Service (CVE-2020-14147)

Source: CCN
Type: IBM Security Bulletin 6466435 (Spectrum Protect Plus)
Vulnerabilities in Redis, MinIO, Golang, and Urllib3 affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift

Source: CCN
Type: Oracle CPUJan2021
Oracle Critical Patch Update Advisory - January 2021

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:redislabs:redis:*:*:*:*:*:*:*:* (Version < 5.0.9)

OR cpe:/a:redislabs:redis:*:*:*:*:*:*:*:* (Version >= 6.0.0 and < 6.0.3)

Configuration 2:

cpe:/a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:redislabs:redis:6.0.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:2018.4.1.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202014147	V	CVE-2020-14147	2021-10-24
oval:org.opensuse.security:def:74381	P	Security update for webkit2gtk3 (Important)	2021-10-12
oval:org.opensuse.security:def:62773	P	libXt6-32bit-1.1.5-2.24 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63618	P	gnome-photos-3.34.1-1.62 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64441	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:62596	P	perl-Tk-804.034-1.44 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63052	P	python2-numpy-gnu-hpc-1.14.0-4.5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62572	P	libopus-devel-1.2.1-1.29 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63392	P	nodejs8-8.11.1-1.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63254	P	apache2-mod_security2-2.9.2-1.34 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62573	P	libpango-1_0-0-32bit-1.40.14-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64287	P	kernel-firmware on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25116	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:64079	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25324	P	Security update for bcm43xx-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:74507	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:25756	P	Security update for python, python-base, python-doc (Moderate)	2020-12-01
oval:org.opensuse.security:def:25465	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25814	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25668	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25052	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26487	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:64329	P	libgtk-vnc-2_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63945	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25243	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25041	P	Security update for libpcap (Important)	2020-12-01
oval:org.opensuse.security:def:64185	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:25381	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25770	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25615	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26452	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:93494	P	Security update for redis (Moderate)	2020-07-23
oval:org.opensuse.security:def:100207	P	Security update for redis (Moderate)	2020-07-23
oval:org.opensuse.security:def:110131	P	Security update for redis (Moderate)	2020-07-23

BACK