PT-2020-5440 · Redis+2

Cl0Und +1 · Published 2020-06-15 · Updated 2026-05-18 · CVE-2020-14147

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.0.3

Description: The issue is caused by an integer overflow in the getnum function, which allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service or possibly bypass intended sandbox restrictions. This can be achieved by providing a large number that triggers a stack-based buffer overflow. The issue exists due to a regression of a previously known problem.

Recommendations: For versions prior to 6.0.3, update to version 6.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of Lua code in Redis sessions to minimize the risk of exploitation.
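The recommendation above hinges on one question a defender has to answer per instance: is the running Redis older than 6.0.3? The check below is an added example, not part of this record or of the Redis project. It parses the `redis_version` field from the text that the `INFO server` command returns and compares it numerically against 6.0.3, which avoids the classic mistake of comparing version strings lexicographically (where "6.0.10" would wrongly sort before "6.0.3"). The INFO text it works on is constructed for the example; in practice it would be the reply captured from a live instance.

```python
"""
Added example (not from the PT-2020-5440 record or the Redis project):
parse `redis_version` from `INFO server` output and decide whether the
instance falls in the affected range "prior to 6.0.3".
"""
import re
from typing import Optional, Tuple

# First release carrying the fix, per the advisory text.
FIXED_VERSION = (6, 0, 3)

# Constructed sample INFO server reply. The layout follows Redis' INFO
# format (CRLF-terminated "key:value" lines); the values are made up.
SAMPLE_INFO = (
    "# Server\r\n"
    "redis_version:6.0.10\r\n"
    "redis_mode:standalone\r\n"
    "os:Linux 5.4.0 x86_64\r\n"
)


def parse_version(info_text: str) -> Optional[Tuple[int, ...]]:
    """Return redis_version as a tuple of ints, or None if the field is absent."""
    m = re.search(r"^redis_version:([0-9]+(?:\.[0-9]+)*)", info_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: Tuple[int, ...]) -> bool:
    """True when version < 6.0.3, using numeric (not string) comparison."""
    # Pad short versions so "6.0" is treated as 6.0.0.
    padded = tuple(version) + (0,) * max(0, 3 - len(version))
    return padded[:3] < FIXED_VERSION


def assess(info_text: str) -> str:
    """Human-readable verdict for one INFO reply."""
    version = parse_version(info_text)
    if version is None:
        return "unknown: redis_version not found in INFO output"
    label = "affected" if is_affected(version) else "fixed"
    return f"{'.'.join(map(str, version))}: {label}"


if __name__ == "__main__":
    print(assess(SAMPLE_INFO))
```

Where an upgrade cannot happen immediately, the "restrict Lua" workaround maps onto standard Redis features (noted here as an addition, not from the record): on 6.0.x the ACL system can deny the scripting command category to a user (`ACL SETUSER <user> -@scripting`), and on releases without ACLs the `rename-command` directive in redis.conf can disable EVAL and EVALSHA for every client.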

Fix · DoS · Integer Overflow · Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1809
ALT-PU-2021-2093
ALT-PU-2023-4109
AZL-6842
BDU:2021-00559
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2020-14147
DSA-4731-1
MGASA-2020-0312
OPENSUSE-SU-2020:1035-1
OPENSUSE-SU-2020_1035-1

Affected Products

Alt Linux
Redis
Suse