Vulnerabilites related to lua - lua
cve-2022-28805
Vulnerability from cvelistv5
Published
2022-04-08 00:00
Modified
2024-08-03 06:03
Severity ?
Summary
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T06:03:53.085Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lua-users.org/lists/lua-l/2022-02/msg00001.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lua-users.org/lists/lua-l/2022-02/msg00070.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lua-users.org/lists/lua-l/2022-04/msg00009.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa",
               },
               {
                  name: "FEDORA-2022-b9ed35a7ad",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
               },
               {
                  name: "FEDORA-2022-5b5889f43a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
               },
               {
                  name: "GLSA-202305-23",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://lua-users.org/lists/lua-l/2022-02/msg00001.html",
            },
            {
               url: "https://lua-users.org/lists/lua-l/2022-02/msg00070.html",
            },
            {
               url: "https://lua-users.org/lists/lua-l/2022-04/msg00009.html",
            },
            {
               url: "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa",
            },
            {
               name: "FEDORA-2022-b9ed35a7ad",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
            },
            {
               name: "FEDORA-2022-5b5889f43a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
            },
            {
               name: "GLSA-202305-23",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-23",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-28805",
      datePublished: "2022-04-08T00:00:00",
      dateReserved: "2022-04-08T00:00:00",
      dateUpdated: "2024-08-03T06:03:53.085Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-24371
Vulnerability from cvelistv5
Published
2020-08-17 16:06
Modified
2024-08-04 15:12
Severity ?
Summary
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:12:08.966Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.lua.org/bugs.html#5.4.0-10",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-30T20:17:36",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.lua.org/bugs.html#5.4.0-10",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-24371",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
                     refsource: "MISC",
                     url: "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
                  },
                  {
                     name: "https://www.lua.org/bugs.html#5.4.0-10",
                     refsource: "MISC",
                     url: "https://www.lua.org/bugs.html#5.4.0-10",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-24371",
      datePublished: "2020-08-17T16:06:14",
      dateReserved: "2020-08-17T00:00:00",
      dateUpdated: "2024-08-04T15:12:08.966Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-32918
Vulnerability from cvelistv5
Published
2021-05-13 15:11
Modified
2024-08-03 23:33
Severity ?
Summary
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:33:55.925Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://blog.prosody.im/prosody-0.11.9-released/",
               },
               {
                  name: "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
               },
               {
                  name: "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
               },
               {
                  name: "DSA-4916",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4916",
               },
               {
                  name: "FEDORA-2021-b5d8c6d086",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
               },
               {
                  name: "FEDORA-2021-a33f6e36e1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
               },
               {
                  name: "FEDORA-2021-498be8f560",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202105-15",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-26T10:06:13",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://blog.prosody.im/prosody-0.11.9-released/",
            },
            {
               name: "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
            },
            {
               name: "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
            },
            {
               name: "DSA-4916",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2021/dsa-4916",
            },
            {
               name: "FEDORA-2021-b5d8c6d086",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
            },
            {
               name: "FEDORA-2021-a33f6e36e1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
            },
            {
               name: "FEDORA-2021-498be8f560",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security.gentoo.org/glsa/202105-15",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-32918",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://blog.prosody.im/prosody-0.11.9-released/",
                     refsource: "MISC",
                     url: "https://blog.prosody.im/prosody-0.11.9-released/",
                  },
                  {
                     name: "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
                  },
                  {
                     name: "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
                  },
                  {
                     name: "DSA-4916",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2021/dsa-4916",
                  },
                  {
                     name: "FEDORA-2021-b5d8c6d086",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
                  },
                  {
                     name: "FEDORA-2021-a33f6e36e1",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
                  },
                  {
                     name: "FEDORA-2021-498be8f560",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
                  },
                  {
                     name: "https://security.gentoo.org/glsa/202105-15",
                     refsource: "MISC",
                     url: "https://security.gentoo.org/glsa/202105-15",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-32918",
      datePublished: "2021-05-13T15:11:50",
      dateReserved: "2021-05-12T00:00:00",
      dateUpdated: "2024-08-03T23:33:55.925Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6706
Vulnerability from cvelistv5
Published
2019-01-23 00:00
Modified
2024-08-04 20:31
Severity ?
Summary
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:31:04.249Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2019-01/msg00039.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2019-6706",
               },
               {
                  name: "[debian-lts-announce] 20230622 [SECURITY] [DLA 3469-1] lua5.3 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-23T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html",
            },
            {
               url: "https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf",
            },
            {
               url: "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e",
            },
            {
               url: "http://lua-users.org/lists/lua-l/2019-01/msg00039.html",
            },
            {
               url: "https://access.redhat.com/security/cve/cve-2019-6706",
            },
            {
               name: "[debian-lts-announce] 20230622 [SECURITY] [DLA 3469-1] lua5.3 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-6706",
      datePublished: "2019-01-23T00:00:00",
      dateReserved: "2019-01-23T00:00:00",
      dateUpdated: "2024-08-04T20:31:04.249Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-5461
Vulnerability from cvelistv5
Published
2014-09-04 00:00
Modified
2024-08-06 11:48
Severity ?
Summary
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T11:48:49.016Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20140821 Re: CVE request: possible overflow in vararg functions",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/08/21/4",
               },
               {
                  name: "USN-2338-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2338-1",
               },
               {
                  name: "GLSA-201701-53",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201701-53",
               },
               {
                  name: "[oss-security] 20140827 Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/08/27/2",
               },
               {
                  name: "69342",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/69342",
               },
               {
                  name: "59890",
                  tags: [
                     "third-party-advisory",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59890",
               },
               {
                  name: "MDVSA-2015:144",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144",
               },
               {
                  name: "DSA-3016",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3016",
               },
               {
                  name: "[oss-security] 20140821 CVE request: possible overflow in vararg functions",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/08/21/1",
               },
               {
                  name: "60869",
                  tags: [
                     "third-party-advisory",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60869",
               },
               {
                  name: "DSA-3015",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3015",
               },
               {
                  name: "61411",
                  tags: [
                     "third-party-advisory",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61411",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.lua.org/bugs.html#5.2.2-1",
               },
               {
                  name: "openSUSE-SU-2014:1145",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://advisories.mageia.org/MGASA-2014-0414.html",
               },
               {
                  name: "GLSA-202305-23",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-08-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[oss-security] 20140821 Re: CVE request: possible overflow in vararg functions",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/08/21/4",
            },
            {
               name: "USN-2338-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.ubuntu.com/usn/USN-2338-1",
            },
            {
               name: "GLSA-201701-53",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201701-53",
            },
            {
               name: "[oss-security] 20140827 Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/08/27/2",
            },
            {
               name: "69342",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/69342",
            },
            {
               name: "59890",
               tags: [
                  "third-party-advisory",
               ],
               url: "http://secunia.com/advisories/59890",
            },
            {
               name: "MDVSA-2015:144",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144",
            },
            {
               name: "DSA-3016",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.debian.org/security/2014/dsa-3016",
            },
            {
               name: "[oss-security] 20140821 CVE request: possible overflow in vararg functions",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/08/21/1",
            },
            {
               name: "60869",
               tags: [
                  "third-party-advisory",
               ],
               url: "http://secunia.com/advisories/60869",
            },
            {
               name: "DSA-3015",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.debian.org/security/2014/dsa-3015",
            },
            {
               name: "61411",
               tags: [
                  "third-party-advisory",
               ],
               url: "http://secunia.com/advisories/61411",
            },
            {
               url: "http://www.lua.org/bugs.html#5.2.2-1",
            },
            {
               name: "openSUSE-SU-2014:1145",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html",
            },
            {
               url: "http://advisories.mageia.org/MGASA-2014-0414.html",
            },
            {
               name: "GLSA-202305-23",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-23",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-5461",
      datePublished: "2014-09-04T00:00:00",
      dateReserved: "2014-08-26T00:00:00",
      dateUpdated: "2024-08-06T11:48:49.016Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-45985
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2024-08-04 04:54
Severity ?
Summary
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:54:31.069Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.lua.org/bugs.html#5.4.3-11",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-12/msg00019.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-10T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.lua.org/bugs.html#5.4.3-11",
            },
            {
               url: "https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5",
            },
            {
               url: "http://lua-users.org/lists/lua-l/2021-12/msg00019.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-45985",
      datePublished: "2023-04-10T00:00:00",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-08-04T04:54:31.069Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-32921
Vulnerability from cvelistv5
Published
2021-05-13 15:14
Modified
2024-08-03 23:33
Severity ?
Summary
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:33:56.162Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://blog.prosody.im/prosody-0.11.9-released/",
               },
               {
                  name: "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
               },
               {
                  name: "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
               },
               {
                  name: "DSA-4916",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4916",
               },
               {
                  name: "FEDORA-2021-b5d8c6d086",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
               },
               {
                  name: "FEDORA-2021-a33f6e36e1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
               },
               {
                  name: "FEDORA-2021-498be8f560",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202105-15",
               },
               {
                  name: "[debian-lts-announce] 20210616 [SECURITY] [DLA 2687-1] prosody security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html",
               },
               {
                  name: "[debian-lts-announce] 20210619 [SECURITY] [DLA 2687-2] prosody regression update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00018.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-19T08:06:18",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://blog.prosody.im/prosody-0.11.9-released/",
            },
            {
               name: "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
            },
            {
               name: "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
            },
            {
               name: "DSA-4916",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2021/dsa-4916",
            },
            {
               name: "FEDORA-2021-b5d8c6d086",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
            },
            {
               name: "FEDORA-2021-a33f6e36e1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
            },
            {
               name: "FEDORA-2021-498be8f560",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security.gentoo.org/glsa/202105-15",
            },
            {
               name: "[debian-lts-announce] 20210616 [SECURITY] [DLA 2687-1] prosody security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html",
            },
            {
               name: "[debian-lts-announce] 20210619 [SECURITY] [DLA 2687-2] prosody regression update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00018.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-32921",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://blog.prosody.im/prosody-0.11.9-released/",
                     refsource: "MISC",
                     url: "https://blog.prosody.im/prosody-0.11.9-released/",
                  },
                  {
                     name: "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
                  },
                  {
                     name: "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
                  },
                  {
                     name: "DSA-4916",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2021/dsa-4916",
                  },
                  {
                     name: "FEDORA-2021-b5d8c6d086",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
                  },
                  {
                     name: "FEDORA-2021-a33f6e36e1",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
                  },
                  {
                     name: "FEDORA-2021-498be8f560",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
                  },
                  {
                     name: "https://security.gentoo.org/glsa/202105-15",
                     refsource: "MISC",
                     url: "https://security.gentoo.org/glsa/202105-15",
                  },
                  {
                     name: "[debian-lts-announce] 20210616 [SECURITY] [DLA 2687-1] prosody security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html",
                  },
                  {
                     name: "[debian-lts-announce] 20210619 [SECURITY] [DLA 2687-2] prosody regression update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00018.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-32921",
      datePublished: "2021-05-13T15:14:43",
      dateReserved: "2021-05-12T00:00:00",
      dateUpdated: "2024-08-03T23:33:56.162Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-24369
Vulnerability from cvelistv5
Published
2020-08-17 16:06
Modified
2024-08-04 15:12
Severity ?
Summary
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:12:08.718Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.lua.org/bugs.html#5.4.0-12",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-17T16:06:42",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.lua.org/bugs.html#5.4.0-12",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-24369",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.lua.org/bugs.html#5.4.0-12",
                     refsource: "MISC",
                     url: "https://www.lua.org/bugs.html#5.4.0-12",
                  },
                  {
                     name: "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a",
                     refsource: "MISC",
                     url: "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-24369",
      datePublished: "2020-08-17T16:06:42",
      dateReserved: "2020-08-17T00:00:00",
      dateUpdated: "2024-08-04T15:12:08.718Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-44647
Vulnerability from cvelistv5
Published
2022-01-11 00:00
Modified
2024-08-04 04:25
Severity ?
Summary
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:25:16.894Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-11/msg00195.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-11/msg00204.html",
               },
               {
                  name: "FEDORA-2022-473560d1a6",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2021-44647",
               },
               {
                  name: "GLSA-202305-23",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202305-23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-03T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "http://lua-users.org/lists/lua-l/2021-11/msg00195.html",
            },
            {
               url: "http://lua-users.org/lists/lua-l/2021-11/msg00204.html",
            },
            {
               name: "FEDORA-2022-473560d1a6",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
            },
            {
               url: "https://access.redhat.com/security/cve/cve-2021-44647",
            },
            {
               name: "GLSA-202305-23",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202305-23",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-44647",
      datePublished: "2022-01-11T00:00:00",
      dateReserved: "2021-12-06T00:00:00",
      dateUpdated: "2024-08-04T04:25:16.894Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43519
Vulnerability from cvelistv5
Published
2021-11-09 12:26
Modified
2024-08-04 03:55
Severity ?
Summary
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:55:29.081Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-10/msg00123.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-11/msg00015.html",
               },
               {
                  name: "FEDORA-2022-e6b2bd5b50",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/",
               },
               {
                  name: "FEDORA-2022-473560d1a6",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-17T04:06:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2021-10/msg00123.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2021-11/msg00015.html",
            },
            {
               name: "FEDORA-2022-e6b2bd5b50",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/",
            },
            {
               name: "FEDORA-2022-473560d1a6",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-43519",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://lua-users.org/lists/lua-l/2021-10/msg00123.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2021-10/msg00123.html",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2021-11/msg00015.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2021-11/msg00015.html",
                  },
                  {
                     name: "FEDORA-2022-e6b2bd5b50",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/",
                  },
                  {
                     name: "FEDORA-2022-473560d1a6",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-43519",
      datePublished: "2021-11-09T12:26:22",
      dateReserved: "2021-11-08T00:00:00",
      dateUpdated: "2024-08-04T03:55:29.081Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-33099
Vulnerability from cvelistv5
Published
2022-07-01 11:26
Modified
2024-08-03 08:01
Severity ?
Summary
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T08:01:20.153Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lua-users.org/lists/lua-l/2022-05/msg00035.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lua-users.org/lists/lua-l/2022-05/msg00042.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lua-users.org/lists/lua-l/2022-05/msg00073.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error",
               },
               {
                  name: "FEDORA-2022-b9ed35a7ad",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
               },
               {
                  name: "FEDORA-2022-5b5889f43a",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-04T03:06:10",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lua-users.org/lists/lua-l/2022-05/msg00035.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lua-users.org/lists/lua-l/2022-05/msg00042.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lua-users.org/lists/lua-l/2022-05/msg00073.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error",
            },
            {
               name: "FEDORA-2022-b9ed35a7ad",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
            },
            {
               name: "FEDORA-2022-5b5889f43a",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-33099",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf",
                     refsource: "MISC",
                     url: "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf",
                  },
                  {
                     name: "https://lua-users.org/lists/lua-l/2022-05/msg00035.html",
                     refsource: "MISC",
                     url: "https://lua-users.org/lists/lua-l/2022-05/msg00035.html",
                  },
                  {
                     name: "https://lua-users.org/lists/lua-l/2022-05/msg00042.html",
                     refsource: "MISC",
                     url: "https://lua-users.org/lists/lua-l/2022-05/msg00042.html",
                  },
                  {
                     name: "https://lua-users.org/lists/lua-l/2022-05/msg00073.html",
                     refsource: "MISC",
                     url: "https://lua-users.org/lists/lua-l/2022-05/msg00073.html",
                  },
                  {
                     name: "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua%2Dstack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error",
                     refsource: "MISC",
                     url: "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua%2Dstack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error",
                  },
                  {
                     name: "FEDORA-2022-b9ed35a7ad",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
                  },
                  {
                     name: "FEDORA-2022-5b5889f43a",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-33099",
      datePublished: "2022-07-01T11:26:38",
      dateReserved: "2022-06-13T00:00:00",
      dateUpdated: "2024-08-03T08:01:20.153Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-24370
Vulnerability from cvelistv5
Published
2020-08-17 00:00
Modified
2024-08-04 15:12
Severity ?
Summary
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:12:08.645Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-07/msg00324.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b",
               },
               {
                  name: "FEDORA-2020-d7ed9f18ff",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/",
               },
               {
                  name: "FEDORA-2020-c83556709c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/",
               },
               {
                  name: "[debian-lts-announce] 20200926 [SECURITY] [DLA 2381-1] lua5.3 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html",
               },
               {
                  name: "[debian-lts-announce] 20230622 [SECURITY] [DLA 3469-1] lua5.3 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-23T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "http://lua-users.org/lists/lua-l/2020-07/msg00324.html",
            },
            {
               url: "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b",
            },
            {
               name: "FEDORA-2020-d7ed9f18ff",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/",
            },
            {
               name: "FEDORA-2020-c83556709c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/",
            },
            {
               name: "[debian-lts-announce] 20200926 [SECURITY] [DLA 2381-1] lua5.3 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html",
            },
            {
               name: "[debian-lts-announce] 20230622 [SECURITY] [DLA 3469-1] lua5.3 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-24370",
      datePublished: "2020-08-17T00:00:00",
      dateReserved: "2020-08-17T00:00:00",
      dateUpdated: "2024-08-04T15:12:08.645Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15889
Vulnerability from cvelistv5
Published
2020-07-21 21:35
Modified
2024-08-04 13:30
Severity ?
Summary
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:30:23.249Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-07/msg00078.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-12/msg00157.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-12-22T20:36:26",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2020-07/msg00078.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2020-12/msg00157.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15889",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://lua-users.org/lists/lua-l/2020-07/msg00078.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2020-07/msg00078.html",
                  },
                  {
                     name: "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312",
                     refsource: "MISC",
                     url: "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2020-12/msg00157.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2020-12/msg00157.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15889",
      datePublished: "2020-07-21T21:35:49",
      dateReserved: "2020-07-21T00:00:00",
      dateUpdated: "2024-08-04T13:30:23.249Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-24342
Vulnerability from cvelistv5
Published
2020-08-13 18:54
Modified
2024-08-04 15:12
Severity ?
Summary
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:12:08.657Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-07/msg00052.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27",
               },
               {
                  name: "FEDORA-2020-38e35de8aa",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-25T18:06:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2020-07/msg00052.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27",
            },
            {
               name: "FEDORA-2020-38e35de8aa",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-24342",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://lua-users.org/lists/lua-l/2020-07/msg00052.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2020-07/msg00052.html",
                  },
                  {
                     name: "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27",
                     refsource: "MISC",
                     url: "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27",
                  },
                  {
                     name: "FEDORA-2020-38e35de8aa",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-24342",
      datePublished: "2020-08-13T18:54:20",
      dateReserved: "2020-08-13T00:00:00",
      dateUpdated: "2024-08-04T15:12:08.657Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-44964
Vulnerability from cvelistv5
Published
2022-03-14 14:24
Modified
2024-08-04 04:32
Severity ?
Summary
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:32:13.466Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-11/msg00186.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-12/msg00007.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-12/msg00015.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2021-12/msg00030.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-14T14:24:51",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2021-11/msg00186.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2021-12/msg00007.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2021-12/msg00015.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2021-12/msg00030.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-44964",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://lua-users.org/lists/lua-l/2021-11/msg00186.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2021-11/msg00186.html",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2021-12/msg00007.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2021-12/msg00007.html",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2021-12/msg00015.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2021-12/msg00015.html",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2021-12/msg00030.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2021-12/msg00030.html",
                  },
                  {
                     name: "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability",
                     refsource: "MISC",
                     url: "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-44964",
      datePublished: "2022-03-14T14:24:51",
      dateReserved: "2021-12-13T00:00:00",
      dateUpdated: "2024-08-04T04:32:13.466Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15888
Vulnerability from cvelistv5
Published
2020-07-21 21:36
Modified
2024-08-04 13:30
Severity ?
Summary
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:30:23.046Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-07/msg00053.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-07/msg00054.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-07/msg00071.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-07/msg00079.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-21T21:36:02",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2020-07/msg00053.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2020-07/msg00054.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2020-07/msg00071.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2020-07/msg00079.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15888",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5",
                     refsource: "MISC",
                     url: "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5",
                  },
                  {
                     name: "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7",
                     refsource: "MISC",
                     url: "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2020-07/msg00053.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2020-07/msg00053.html",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2020-07/msg00054.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2020-07/msg00054.html",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2020-07/msg00071.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2020-07/msg00071.html",
                  },
                  {
                     name: "http://lua-users.org/lists/lua-l/2020-07/msg00079.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2020-07/msg00079.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15888",
      datePublished: "2020-07-21T21:36:02",
      dateReserved: "2020-07-21T00:00:00",
      dateUpdated: "2024-08-04T13:30:23.046Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-15945
Vulnerability from cvelistv5
Published
2020-07-24 20:05
Modified
2024-08-04 13:30
Severity ?
Summary
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:30:23.337Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-24T20:05:57",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-15945",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html",
                     refsource: "MISC",
                     url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html",
                  },
                  {
                     name: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
                     refsource: "MISC",
                     url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-15945",
      datePublished: "2020-07-24T20:05:57",
      dateReserved: "2020-07-24T00:00:00",
      dateUpdated: "2024-08-04T13:30:23.337Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2019-01-23 19:29
Modified
2024-11-21 04:46
Summary
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
Impacted products
Vendor Product Version
lua lua 5.3.5
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1D6D7F5-0738-45EB-A4F2-9A65F8DD2D0A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.",
      },
      {
         lang: "es",
         value: "Lua 5.3.5 tiene un uso de memoria previamente liberada en lua_upvaluejoin en lapi.c. Por ejemplo, un atacante podría lograr un cierre inesperado al desencadenar una llamada debug.upvaluejoin en la que los argumentos tienen ciertas relaciones.",
      },
   ],
   id: "CVE-2019-6706",
   lastModified: "2024-11-21T04:46:59.147",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-23T19:29:00.447",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lua-users.org/lists/lua-l/2019-01/msg00039.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2019-6706",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lua-users.org/lists/lua-l/2019-01/msg00039.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2019-6706",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-01 12:15
Modified
2024-11-21 07:07
Summary
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
References
cve@mitre.orghttps://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670dafPatch, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/
cve@mitre.orghttps://lua-users.org/lists/lua-l/2022-05/msg00035.htmlExploit, Mailing List, Vendor Advisory
cve@mitre.orghttps://lua-users.org/lists/lua-l/2022-05/msg00042.htmlExploit, Mailing List, Vendor Advisory
cve@mitre.orghttps://lua-users.org/lists/lua-l/2022-05/msg00073.htmlExploit, Mailing List, Vendor Advisory
cve@mitre.orghttps://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error
af854a3a-2127-422b-91ae-364da2661108https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670dafPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/
af854a3a-2127-422b-91ae-364da2661108https://lua-users.org/lists/lua-l/2022-05/msg00035.htmlExploit, Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lua-users.org/lists/lua-l/2022-05/msg00042.htmlExploit, Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lua-users.org/lists/lua-l/2022-05/msg00073.htmlExploit, Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error
Impacted products
Vendor Product Version
lua lua *
fedoraproject fedora 35
fedoraproject fedora 36



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F95F18B2-CD16-4739-AAA3-F0FD69B97E2C",
                     versionEndIncluding: "5.4.4",
                     versionStartIncluding: "5.4.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.",
      },
      {
         lang: "es",
         value: "Un problema en el componente luaG_runerror de Lua versiones v5.4.4 y posteriores, conlleva a un desbordamiento del búfer de la pila cuando es producido un error recursivo",
      },
   ],
   id: "CVE-2022-33099",
   lastModified: "2024-11-21T07:07:32.560",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-01T12:15:08.173",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-05/msg00035.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-05/msg00042.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-05/msg00073.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-05/msg00035.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-05/msg00042.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-05/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-08 06:15
Modified
2024-11-21 06:57
Severity ?
Summary
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
References
cve@mitre.orghttps://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030faPatch, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/Third Party Advisory
cve@mitre.orghttps://lua-users.org/lists/lua-l/2022-02/msg00001.htmlExploit, Mailing List, Third Party Advisory
cve@mitre.orghttps://lua-users.org/lists/lua-l/2022-02/msg00070.htmlExploit, Mailing List, Third Party Advisory
cve@mitre.orghttps://lua-users.org/lists/lua-l/2022-04/msg00009.htmlExploit, Mailing List, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202305-23Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030faPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lua-users.org/lists/lua-l/2022-02/msg00001.htmlExploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lua-users.org/lists/lua-l/2022-02/msg00070.htmlExploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lua-users.org/lists/lua-l/2022-04/msg00009.htmlExploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202305-23Third Party Advisory
Impacted products
Vendor Product Version
lua lua *
fedoraproject fedora 35
fedoraproject fedora 36



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57801ACF-A19D-4A5B-8189-BAEE33E23BA3",
                     versionEndExcluding: "5.4.5",
                     versionStartIncluding: "5.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.",
      },
      {
         lang: "es",
         value: "singlevar en lparser.c en Lua desde (incluyendo) 5.4.0 hasta (excluyendo) 5.4.4 carece de una determinada llamada a luaK_exp2anyregup, lo que lleva a una sobrelectura del búfer basada en la pila que podría afectar a un sistema que compila código Lua no fiable",
      },
   ],
   id: "CVE-2022-28805",
   lastModified: "2024-11-21T06:57:57.733",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-08T06:15:07.243",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-02/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-02/msg00070.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-04/msg00009.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202305-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-02/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-02/msg00070.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lua-users.org/lists/lua-l/2022-04/msg00009.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202305-23",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-13 19:15
Modified
2024-11-21 05:14
Summary
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
Impacted products
Vendor Product Version
lua lua 5.4.0
fedoraproject fedora 33



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4066DFAE-B20D-44C9-BC34-694748ABE2CA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.",
      },
      {
         lang: "es",
         value: "Lua versiones hasta 5.4.0, permite un cruce de redzone de pila en luaO_pushvfstring porque un mecanismo de protección llama erróneamente a luaD_callnoyield dos veces seguidas",
      },
   ],
   id: "CVE-2020-24342",
   lastModified: "2024-11-21T05:14:37.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-13T19:15:13.613",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00052.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00052.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-11-09 13:15
Modified
2024-11-21 06:29
Summary
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Impacted products
Vendor Product Version
lua lua *
lua lua *
fedoraproject fedora 35



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C02CCAFE-B2AD-4E44-B3E1-770780E8B056",
                     versionEndExcluding: "5.3.5",
                     versionStartIncluding: "5.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6722715C-7599-4D4C-A636-8A9A9F7F4619",
                     versionEndExcluding: "5.4.4",
                     versionStartIncluding: "5.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.",
      },
      {
         lang: "es",
         value: "UN desbordamiento de pila en la función lua_resume del archivo ldo.c en Lua Interpreter versiones 5.1.0~5.4.4, permite a atacantes llevar a cabo una Denegación de Servicio por medio de un archivo de script diseñado",
      },
   ],
   id: "CVE-2021-43519",
   lastModified: "2024-11-21T06:29:20.817",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-11-09T13:15:08.500",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-10/msg00123.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-11/msg00015.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-10/msg00123.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-11/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-674",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-05-13 16:15
Modified
2024-11-21 06:07
Summary
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2021/05/13/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2021/05/14/2Mailing List, Mitigation, Third Party Advisory
cve@mitre.orghttps://blog.prosody.im/prosody-0.11.9-released/Release Notes, Vendor Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
cve@mitre.orghttps://security.gentoo.org/glsa/202105-15Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2021/dsa-4916Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/05/13/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/05/14/2Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.prosody.im/prosody-0.11.9-released/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202105-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4916Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9528D37B-78D0-42FC-AAC3-DB6DE6A4A85B",
                     versionEndExcluding: "0.11.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "F41B4A37-B7E5-4405-B5EA-5F1832AF02E7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "6820CE33-926F-477F-A99E-153E88BD5248",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en Prosody versiones anteriores a 0.11.9. La configuración predeterminada es susceptible a ataques remotos de denegación de servicio (DoS) no autenticados por medio del agotamiento de la memoria cuando se ejecuta bajo Lua versiones 5.2 o Lua 5.3",
      },
   ],
   id: "CVE-2021-32918",
   lastModified: "2024-11-21T06:07:55.377",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-05-13T16:15:08.317",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.prosody.im/prosody-0.11.9-released/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202105-15",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2021/dsa-4916",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.prosody.im/prosody-0.11.9-released/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202105-15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2021/dsa-4916",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-17 17:15
Modified
2024-11-21 05:14
Summary
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Impacted products
Vendor Product Version
lua lua 5.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "E9F78BF8-B73C-42C6-AF54-2CD935670053",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.",
      },
      {
         lang: "es",
         value: "El archivo lgc.c en Lua versión 5.4.0, maneja inapropiadamente la interacción entre las barreras y la fase de barrido, conllevando a una violación de acceso a la memoria que involucra collectgarbage.",
      },
   ],
   id: "CVE-2020-24371",
   lastModified: "2024-11-21T05:14:41.293",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-17T17:15:13.927",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.lua.org/bugs.html#5.4.0-10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.lua.org/bugs.html#5.4.0-10",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-763",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-09-04 17:55
Modified
2024-11-21 02:12
Severity ?
Summary
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0414.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00030.htmlThird Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/59890
secalert@redhat.comhttp://secunia.com/advisories/60869
secalert@redhat.comhttp://secunia.com/advisories/61411
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3015Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3016Third Party Advisory
secalert@redhat.comhttp://www.lua.org/bugs.html#5.2.2-1Patch, Vendor Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:144Broken Link
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/08/21/1Exploit, Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/08/21/4Exploit, Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/08/27/2Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/69342Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2338-1Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201701-53
secalert@redhat.comhttps://security.gentoo.org/glsa/202305-23
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0414.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59890
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60869
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61411
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3015Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3016Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.lua.org/bugs.html#5.2.2-1Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:144Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/08/21/1Exploit, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/08/21/4Exploit, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/08/27/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/69342Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2338-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201701-53
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202305-23
Impacted products
Vendor Product Version
opensuse opensuse 12.3
opensuse opensuse 13.1
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
debian debian_linux 7.0
lua lua 5.1
lua lua 5.1.1
lua lua 5.1.2
lua lua 5.1.3
lua lua 5.1.4
lua lua 5.1.5
lua lua 5.2.0
lua lua 5.2.1
lua lua 5.2.2
mageia mageia 3.0
mageia mageia 4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC473796-6345-4160-B361-DC160D7868C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5923214-1896-43F0-977A-99DDD44387F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "76151AAB-9D7A-417D-ABC3-ED3D5E73FE1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A910E12-8DDC-4E9A-ACD8-8ABE0C889A42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0AD03FE-C0BB-485B-92FD-7DBE4F6CF866",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "22511164-25BB-4A10-B111-CEEEEE41D8BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "68E5F477-8E32-421C-BE28-C04A066E439A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "74A8D450-9B86-43DC-93A1-F68E42391948",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2293D8C6-2D69-49EF-8BB9-F5222951386B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "76F1E356-E019-47E8-AA5F-702DA93CF74E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F805A106-9A6F-48E7-8582-D3C5A26DFC11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.",
      },
      {
         lang: "es",
         value: "Desbordamiento de buffer en las funciones vararg en ldo.c en Lua 5.1 hasta 5.2.x anterior a 5.2.3 permite a atacantes dependientes de contexto causar una denegación de servicio (caída) a través de un número pequeño de argumentos en una función con un número grande de argumentos fijos.",
      },
   ],
   id: "CVE-2014-5461",
   lastModified: "2024-11-21T02:12:06.497",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-09-04T17:55:07.763",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://advisories.mageia.org/MGASA-2014-0414.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59890",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/60869",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/61411",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3015",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3016",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.lua.org/bugs.html#5.2.2-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/08/21/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/08/21/4",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/08/27/2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/69342",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-2338-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.gentoo.org/glsa/201701-53",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.gentoo.org/glsa/202305-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://advisories.mageia.org/MGASA-2014-0414.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59890",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/60869",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/61411",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3015",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2014/dsa-3016",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.lua.org/bugs.html#5.2.2-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/08/21/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/08/21/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/08/27/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/69342",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-2338-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201701-53",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202305-23",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-21 22:15
Modified
2024-11-21 05:06
Summary
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
References
Impacted products
Vendor Product Version
lua lua 5.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "E9F78BF8-B73C-42C6-AF54-2CD935670053",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.",
      },
      {
         lang: "es",
         value: "Lua versiones hasta 5.4.0, maneja inapropiadamente la interacción entre el cambio de tamaño de la pila y la recolección de basura, conllevando a un desbordamiento del búfer en la región heap de la memoria, a una lectura excesiva del búfer en la región heap de la memoria o un uso de la memoria previamente liberada",
      },
   ],
   id: "CVE-2020-15888",
   lastModified: "2024-11-21T05:06:23.010",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-21T22:15:12.090",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00053.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00054.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00071.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00079.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00053.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00054.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00071.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00079.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
            {
               lang: "en",
               value: "CWE-416",
            },
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-17 17:15
Modified
2024-11-21 05:14
Summary
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
References
cve@mitre.orghttp://lua-users.org/lists/lua-l/2020-07/msg00324.htmlExploit, Mailing List, Vendor Advisory
cve@mitre.orghttps://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7bPatch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/09/msg00019.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/06/msg00031.htmlThird Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lua-users.org/lists/lua-l/2020-07/msg00324.htmlExploit, Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7bPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/09/msg00019.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/06/msg00031.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/Third Party Advisory
Impacted products
Vendor Product Version
lua lua 5.2.0
lua lua 5.2.0
lua lua 5.2.0
lua lua 5.2.1
lua lua 5.2.2
lua lua 5.2.3
lua lua 5.3.0
lua lua 5.3.0
lua lua 5.3.0
lua lua 5.3.1
lua lua 5.3.2
lua lua 5.3.3
lua lua 5.3.4
lua lua 5.3.5
lua lua 5.4.0
lua lua 5.4.0
lua lua 5.4.0
fedoraproject fedora 31
fedoraproject fedora 32
debian debian_linux 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "F41B4A37-B7E5-4405-B5EA-5F1832AF02E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.0:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "A2191642-D493-4813-87BF-20AD2E63A2AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.0:beta:*:*:*:*:*:*",
                     matchCriteriaId: "D810ACDB-A811-4B70-AA77-E724CD0242B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "74A8D450-9B86-43DC-93A1-F68E42391948",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2293D8C6-2D69-49EF-8BB9-F5222951386B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "25977A23-CF7A-4C39-8F0D-38E958E92F75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "6820CE33-926F-477F-A99E-153E88BD5248",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.0:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "4D651FE4-77A4-47CC-8EC6-FB8D35A2316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.0:beta:*:*:*:*:*:*",
                     matchCriteriaId: "9CBD494F-5C56-4472-9C02-09A14222E024",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED403C07-5D1C-4027-9A07-DD7AC4B9442E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69EE245-6921-4EC4-B052-558A3BA259E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE6741D-A69C-4D2E-B5C9-EC44792BA871",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE86E188-EB0F-4D54-B1E7-0213C099DAB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1D6D7F5-0738-45EB-A4F2-9A65F8DD2D0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "E9F78BF8-B73C-42C6-AF54-2CD935670053",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.0:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "F49EE868-BA14-48D2-9C97-B52E6576EC62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.0:beta:*:*:*:*:*:*",
                     matchCriteriaId: "C9117B51-57B0-4648-B937-69A6DAC06134",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).",
      },
      {
         lang: "es",
         value: "El archivo ldebug.c en Lua versión 5.4.0, permite un desbordamiento de negación y un error de segmentación en getlocal y setlocal, como es demostrado por getlocal (3,2^31).",
      },
   ],
   id: "CVE-2020-24370",
   lastModified: "2024-11-21T05:14:41.110",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-17T17:15:13.877",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00324.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00324.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-191",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-10 09:15
Modified
2024-11-21 06:33
Summary
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Impacted products
Vendor Product Version
lua lua 5.4.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9255844F-00EF-4D50-9292-3A12FD1FB3A7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.",
      },
   ],
   id: "CVE-2021-45985",
   lastModified: "2024-11-21T06:33:25.743",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-10T09:15:07.250",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-12/msg00019.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.lua.org/bugs.html#5.4.3-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-12/msg00019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.lua.org/bugs.html#5.4.3-11",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-17 17:15
Modified
2024-11-21 05:14
Summary
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
Impacted products
Vendor Product Version
lua lua 5.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "E9F78BF8-B73C-42C6-AF54-2CD935670053",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.",
      },
      {
         lang: "es",
         value: "El archivo ldebug.c en Lua versión 5.4.0, intenta acceder a la información de depuración por medio del enlace de línea de una función despojada, conllevando a una desreferencia del puntero NULL.",
      },
   ],
   id: "CVE-2020-24369",
   lastModified: "2024-11-21T05:14:40.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-17T17:15:13.817",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://www.lua.org/bugs.html#5.4.0-12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://www.lua.org/bugs.html#5.4.0-12",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-24 21:15
Modified
2024-11-21 05:06
Summary
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
Impacted products
Vendor Product Version
lua lua *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D14749DE-D05F-41F1-895A-C01E60CCE8B0",
                     versionEndExcluding: "5.4.0",
                     versionStartIncluding: "5.3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.",
      },
      {
         lang: "es",
         value: "Lua versiones hasta 5.4.0, presenta un fallo de segmentación en la función changedline en el archivo ldebug.c (por ejemplo, cuando es llamado por luaG_traceexec) porque espera incorrectamente que un valor oldpc siempre es actualizado siempre al regresar el flujo de control a una función",
      },
   ],
   id: "CVE-2020-15945",
   lastModified: "2024-11-21T05:06:30.630",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-24T21:15:34.553",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-14 15:15
Modified
2024-11-21 06:31
Summary
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Impacted products
Vendor Product Version
lua lua *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "36E29101-6009-4A41-AF33-FDD5EA753F91",
                     versionEndIncluding: "5.4.3",
                     versionStartIncluding: "5.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.",
      },
      {
         lang: "es",
         value: "Un uso de memoria previamente liberada en el recolector de basura y en el finalizador de lgc.c en el intérprete de Lua versiones 5.4.0~5.4.3, permite a atacantes llevar a cabo un Escape del Sandbox por medio de un archivo de script diseñado",
      },
   ],
   id: "CVE-2021-44964",
   lastModified: "2024-11-21T06:31:44.853",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-14T15:15:09.373",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Technical Description",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-11/msg00186.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-12/msg00007.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-12/msg00015.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-12/msg00030.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Technical Description",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-11/msg00186.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-12/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-12/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-12/msg00030.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-05-13 16:15
Modified
2024-11-21 06:07
Summary
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2021/05/13/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2021/05/14/2Mailing List, Mitigation, Third Party Advisory
cve@mitre.orghttps://blog.prosody.im/prosody-0.11.9-released/Release Notes, Vendor Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/06/msg00016.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/06/msg00018.htmlThird Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
cve@mitre.orghttps://security.gentoo.org/glsa/202105-15Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2021/dsa-4916Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/05/13/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/05/14/2Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.prosody.im/prosody-0.11.9-released/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/06/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/06/msg00018.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202105-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4916Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9528D37B-78D0-42FC-AAC3-DB6DE6A4A85B",
                     versionEndExcluding: "0.11.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE24D4A8-0798-4FE3-9B13-DBF7EBCE9336",
                     versionStartIncluding: "5.2.0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                     matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                     matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en Prosody versiones anteriores a 0.11.9. No utiliza un algoritmo de tiempo constante para comparar determinadas cadenas secretas cuando se ejecuta bajo Lua versiones 5.2 o posteriores. Esto puede potencialmente ser usado en un ataque de sincronización para revelar el contenido de cadenas secretas a un atacante",
      },
   ],
   id: "CVE-2021-32921",
   lastModified: "2024-11-21T06:07:55.843",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-05-13T16:15:08.407",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.prosody.im/prosody-0.11.9-released/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00018.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202105-15",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2021/dsa-4916",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/05/13/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/05/14/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://blog.prosody.im/prosody-0.11.9-released/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202105-15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2021/dsa-4916",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-01-11 13:15
Modified
2024-11-21 06:31
Summary
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Impacted products
Vendor Product Version
lua lua 5.4.3
fedoraproject fedora 34



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9255844F-00EF-4D50-9292-3A12FD1FB3A7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.",
      },
      {
         lang: "es",
         value: "Lua versión v5.4.3 y superiores están afectados por SEGV por confusión de tipo en la función funcnamefromcode en ldebug.c que puede causar una denegación de servicio local",
      },
   ],
   id: "CVE-2021-44647",
   lastModified: "2024-11-21T06:31:18.587",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-01-11T13:15:07.833",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-11/msg00195.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-11/msg00204.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2021-44647",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/202305-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-11/msg00195.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2021-11/msg00204.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2021-44647",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202305-23",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-843",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-21 22:15
Modified
2024-11-21 05:06
Severity ?
Summary
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Impacted products
Vendor Product Version
lua lua 5.4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:lua:lua:5.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4066DFAE-B20D-44C9-BC34-694748ABE2CA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.",
      },
      {
         lang: "es",
         value: "Lua versión 5.4.0, presenta una lectura excesiva del búfer en la región heap de la memoria de getobjname porque la función youngcollection en el archivo lgc.c utiliza markold para un número insuficiente de miembros de la lista",
      },
   ],
   id: "CVE-2020-15889",
   lastModified: "2024-11-21T05:06:23.173",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-21T22:15:12.150",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00078.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-12/msg00157.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-07/msg00078.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lua-users.org/lists/lua-l/2020-12/msg00157.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}