CVE-2020-14147

HIGH Year: 2020
CVSS v3 Score
7.7
High
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-190
View all →

Vulnerability Description

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.

Related Vulnerabilities

CVE-2020-13822

HIGH
CVSS:7.7(High)

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact ...

CWE-1902020

CVE-2024-29784

HIGH
CVSS:7.7(High)

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges ...

CWE-1902024

CVE-2024-34740

HIGH
CVSS:7.7(High)

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with...

CWE-1902024

CVE-2002-2439

HIGH
CVSS:7.8(High)

Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.

CWE-1902002

CVE-2004-2013

HIGH
CVSS:7.8(High)

Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which caus...

CWE-1902004

CVE-2011-1823

HIGH
CVSS:7.8(High)

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileg...

CWE-1902011