Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-14147 (GCVE-0-2020-14147)
Vulnerability from cvelistv5 – Published: 2020-06-15 16:52 – Updated: 2024-08-04 12:39
VLAI?
EPSS
Summary
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/antirez/redis/pull/6875",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"name": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14147",
"datePublished": "2020-06-15T16:52:45.000Z",
"dateReserved": "2020-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:39:35.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2021-AVI-490
Vulnerability from certfr_avis - Published: 2021-06-29 - Updated: 2021-06-29
De multiples vulnérabilités ont été découvertes dans IBM Spectrum Protect. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.8.1",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-27919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27919"
},
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2021-29505",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29505"
},
{
"name": "CVE-2020-26258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26258"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2021-33503",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
},
{
"name": "CVE-2020-26259",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2021-21285",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21285"
},
{
"name": "CVE-2021-21362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21362"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2020-14147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14147"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2020-26217",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2020-28476",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28476"
},
{
"name": "CVE-2020-7929",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7929"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2021-22884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22884"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2021-22883",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22883"
},
{
"name": "CVE-2021-28363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
},
{
"name": "CVE-2021-21284",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21284"
}
],
"initial_release_date": "2021-06-29T00:00:00",
"last_revision_date": "2021-06-29T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-490",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\nProtect. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum Protect",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6466435 du 28 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6466435"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6467281 du 28 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6467281"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6466599 du 28 juin 2021",
"url": "https://www.ibm.com/support/pages/node/6466599"
}
]
}
GSD-2020-14147
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-14147",
"description": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
"id": "GSD-2020-14147",
"references": [
"https://www.suse.com/security/cve/CVE-2020-14147.html",
"https://www.debian.org/security/2020/dsa-4731",
"https://advisories.mageia.org/CVE-2020-14147.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-14147"
],
"details": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
"id": "GSD-2020-14147",
"modified": "2023-12-13T01:22:00.089526Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/antirez/redis/pull/6875",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"name": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14147"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "https://github.com/antirez/redis/pull/6875",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"name": "DSA-4731",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
},
"lastModifiedDate": "2021-07-30T13:59Z",
"publishedDate": "2020-06-15T18:15Z"
}
}
}
cleanstart-2026-mz27698
Vulnerability from cleanstart
Published
2026-01-30 14:39
Modified
2026-01-29 18:58
Summary
Redis is an open source, in-memory database that persists on disk
Details
Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.6-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-MZ27698",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:39:52.940858Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-MZ27698.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49844"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Redis is an open source, in-memory database that persists on disk",
"upstream": [
"CVE-2015-8080",
"CVE-2019-10192",
"CVE-2019-10193",
"CVE-2020-14147",
"CVE-2021-32625",
"CVE-2021-32626",
"CVE-2021-32627",
"CVE-2021-32628",
"CVE-2021-32672",
"CVE-2021-32675",
"CVE-2021-32687",
"CVE-2021-32762",
"CVE-2021-41099",
"CVE-2022-24736",
"CVE-2022-24834",
"CVE-2022-35977",
"CVE-2022-3647",
"CVE-2023-36824",
"CVE-2023-41053",
"CVE-2023-41056",
"CVE-2023-45145",
"CVE-2024-31227",
"CVE-2024-31228",
"CVE-2024-31449",
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
]
}
cleanstart-2026-bx37171
Vulnerability from cleanstart
Published
2026-01-30 14:43
Modified
2026-01-29 18:58
Summary
Redis is an open source, in-memory database that persists on disk
Details
Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-BX37171",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:43:22.549529Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BX37171.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49844"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Redis is an open source, in-memory database that persists on disk",
"upstream": [
"CVE-2015-8080",
"CVE-2019-10192",
"CVE-2019-10193",
"CVE-2020-14147",
"CVE-2021-32625",
"CVE-2021-32626",
"CVE-2021-32627",
"CVE-2021-32628",
"CVE-2021-32672",
"CVE-2021-32675",
"CVE-2021-32687",
"CVE-2021-32762",
"CVE-2021-41099",
"CVE-2022-24736",
"CVE-2022-24834",
"CVE-2022-35977",
"CVE-2022-3647",
"CVE-2023-36824",
"CVE-2023-41053",
"CVE-2023-41056",
"CVE-2023-45145",
"CVE-2024-31227",
"CVE-2024-31228",
"CVE-2024-31449",
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
]
}
cleanstart-2026-wi17406
Vulnerability from cleanstart
Published
2026-01-30 17:35
Modified
2026-01-29 18:58
Summary
Redis is an open source, in-memory database that persists on disk
Details
Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.2.2-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WI17406",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T17:35:28.375848Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WI17406.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49844"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Redis is an open source, in-memory database that persists on disk",
"upstream": [
"CVE-2015-8080",
"CVE-2019-10192",
"CVE-2019-10193",
"CVE-2020-14147",
"CVE-2021-32625",
"CVE-2021-32626",
"CVE-2021-32627",
"CVE-2021-32628",
"CVE-2021-32672",
"CVE-2021-32675",
"CVE-2021-32687",
"CVE-2021-32762",
"CVE-2021-41099",
"CVE-2022-24736",
"CVE-2022-24834",
"CVE-2022-35977",
"CVE-2022-3647",
"CVE-2023-36824",
"CVE-2023-41053",
"CVE-2023-41056",
"CVE-2023-45145",
"CVE-2024-31227",
"CVE-2024-31228",
"CVE-2024-31449",
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
]
}
cleanstart-2026-fr00621
Vulnerability from cleanstart
Published
2026-01-30 14:36
Modified
2026-01-29 18:58
Summary
Redis is an open source, in-memory database that persists on disk
Details
Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.5-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-FR00621",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:36:52.496829Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FR00621.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Redis is an open source, in-memory database that persists on disk",
"upstream": [
"CVE-2015-8080",
"CVE-2019-10192",
"CVE-2019-10193",
"CVE-2020-14147",
"CVE-2021-32625",
"CVE-2021-32626",
"CVE-2021-32627",
"CVE-2021-32628",
"CVE-2021-32672",
"CVE-2021-32675",
"CVE-2021-32687",
"CVE-2021-32762",
"CVE-2021-41099",
"CVE-2022-24736",
"CVE-2022-24834",
"CVE-2022-35977",
"CVE-2022-3647",
"CVE-2023-36824",
"CVE-2023-41053",
"CVE-2023-41056",
"CVE-2023-45145",
"CVE-2024-31227",
"CVE-2024-31228",
"CVE-2024-31449"
]
}
CVE-2020-14147
Vulnerability from fstec - Published: 19.07.2020
VLAI Severity ?
Title
Уязвимость реализации функции getnum() резидентной системы управления базами данных класса NoSQL Redis, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Description
Уязвимость реализации функции getnum() резидентной системы управления базами данных класса NoSQL Redis вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании или выполнить произвольный код, используя скриптовый язык программирования Lua
Severity ?
Vendor
Oracle Corp., Сообщество свободного программного обеспечения, Novell Inc., Redis Labs
Software Name
Communications Operations Monitor, Debian GNU/Linux, SUSE Package Hub for SUSE Linux Enterprise, Redis
Software Version
3.4 (Communications Operations Monitor), 10 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), 4.2.0 (Communications Operations Monitor), 4.3.0 (Communications Operations Monitor), 4.1 (Communications Operations Monitor), до 6.0.3 (Redis)
Possible Mitigations
Использование рекомендаций:
Для Redis:
https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571
https://github.com/antirez/redis/pull/6875
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujan2021.html
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html
Для Debian:
https://www.debian.org/security/2020/dsa-4731
Reference
https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571
https://github.com/antirez/redis/pull/6875
https://www.oracle.com/security-alerts/cpujan2021.html
https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html
https://www.debian.org/security/2020/dsa-4731
CWE
CWE-190
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Redis Labs",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "3.4 (Communications Operations Monitor), 10 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), 4.2.0 (Communications Operations Monitor), 4.3.0 (Communications Operations Monitor), 4.1 (Communications Operations Monitor), \u0434\u043e 6.0.3 (Redis)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Redis:\nhttps://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571 \nhttps://github.com/antirez/redis/pull/6875\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2021.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html\n\n\u0414\u043b\u044f Debian:\nhttps://www.debian.org/security/2020/dsa-4731",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.07.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "08.02.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.02.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00559",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-14147",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Communications Operations Monitor, Debian GNU/Linux, SUSE Package Hub for SUSE Linux Enterprise, Redis",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 getnum() \u0440\u0435\u0437\u0438\u0434\u0435\u043d\u0442\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043b\u0430\u0441\u0441\u0430 NoSQL Redis, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 getnum() \u0440\u0435\u0437\u0438\u0434\u0435\u043d\u0442\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043b\u0430\u0441\u0441\u0430 NoSQL Redis \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432\u044b\u0439 \u044f\u0437\u044b\u043a \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Lua",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571 \nhttps://github.com/antirez/redis/pull/6875\nhttps://www.oracle.com/security-alerts/cpujan2021.html \nhttps://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html\nhttps://www.debian.org/security/2020/dsa-4731",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}
GHSA-5Q54-RRMC-9JRP
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20
VLAI?
Details
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
{
"affected": [],
"aliases": [
"CVE-2020-14147"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-15T18:15:00Z",
"severity": "MODERATE"
},
"details": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.",
"id": "GHSA-5q54-rrmc-9jrp",
"modified": "2022-05-24T17:20:32Z",
"published": "2022-05-24T17:20:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"type": "WEB",
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2020-14147
Vulnerability from fkie_nvd - Published: 2020-06-15 18:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redislabs | redis | * | |
| redislabs | redis | * | |
| oracle | communications_operations_monitor | 3.4 | |
| oracle | communications_operations_monitor | 4.1 | |
| oracle | communications_operations_monitor | 4.2 | |
| oracle | communications_operations_monitor | 4.3 | |
| suse | linux_enterprise | 12.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DB17EB-A894-4DF8-BF74-C9514C05E0DB",
"versionEndExcluding": "5.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4050F12D-ECAE-47FD-A9DF-D63DC8591A9B",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF30C76E-7E58-4D76-89A8-53405685DA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en la funci\u00f3n getnum en el archivo lua_struct.c en Redis versiones anteriores a 6.0.3, permite a atacantes dependiendo del contexto, con permiso para ejecutar el c\u00f3digo Lua en una sesi\u00f3n de Redis, causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria y bloqueo de la aplicaci\u00f3n) o posiblemente omitir las restricciones del sandbox previstas por medio de un n\u00famero grande, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la pila. NOTA: este problema se presenta debido a una regresi\u00f3n de CVE-2015-8080"
}
],
"id": "CVE-2020-14147",
"lastModified": "2024-11-21T05:02:44.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-15T18:15:14.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2021-25699
Vulnerability from cnvd - Published: 2021-04-08
VLAI Severity ?
Title
Redis Labs Redis输入验证错误漏洞
Description
Redis Labs Redis是美国Redis Labs公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。
Redis Labs Redis 6.0.3之前版本中的lua_struct.c文件的‘getnum’函数存在输入验证错误漏洞。远程攻击者可通过发送大量的特制命令利用该漏洞造成拒绝服务。
Severity
中
Patch Name
Redis Labs Redis输入验证错误漏洞的补丁
Patch Description
Redis Labs Redis是美国Redis Labs公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。
Redis Labs Redis 6.0.3之前版本中的lua_struct.c文件的‘getnum’函数存在输入验证错误漏洞。远程攻击者可通过发送大量的特制命令利用该漏洞造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-14147
Impacted products
| Name | Redis Labs Redis <6.0.3 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-14147"
}
},
"description": "Redis Labs Redis\u662f\u7f8e\u56fdRedis Labs\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u4f7f\u7528ANSI C\u7f16\u5199\u3001\u652f\u6301\u7f51\u7edc\u3001\u53ef\u57fa\u4e8e\u5185\u5b58\u4ea6\u53ef\u6301\u4e45\u5316\u7684\u65e5\u5fd7\u578b\u3001\u952e\u503c\uff08Key-Value\uff09\u5b58\u50a8\u6570\u636e\u5e93\uff0c\u5e76\u63d0\u4f9b\u591a\u79cd\u8bed\u8a00\u7684API\u3002 \n\nRedis Labs Redis 6.0.3\u4e4b\u524d\u7248\u672c\u4e2d\u7684lua_struct.c\u6587\u4ef6\u7684\u2018getnum\u2019\u51fd\u6570\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5927\u91cf\u7684\u7279\u5236\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-25699",
"openTime": "2021-04-08",
"patchDescription": "Redis Labs Redis\u662f\u7f8e\u56fdRedis Labs\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u4f7f\u7528ANSI C\u7f16\u5199\u3001\u652f\u6301\u7f51\u7edc\u3001\u53ef\u57fa\u4e8e\u5185\u5b58\u4ea6\u53ef\u6301\u4e45\u5316\u7684\u65e5\u5fd7\u578b\u3001\u952e\u503c\uff08Key-Value\uff09\u5b58\u50a8\u6570\u636e\u5e93\uff0c\u5e76\u63d0\u4f9b\u591a\u79cd\u8bed\u8a00\u7684API\u3002 \r\n\r\nRedis Labs Redis 6.0.3\u4e4b\u524d\u7248\u672c\u4e2d\u7684lua_struct.c\u6587\u4ef6\u7684\u2018getnum\u2019\u51fd\u6570\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5927\u91cf\u7684\u7279\u5236\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Redis Labs Redis\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Redis Labs Redis \u003c6.0.3"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147",
"serverity": "\u4e2d",
"submitTime": "2020-06-16",
"title": "Redis Labs Redis\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…