Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2020-15945
Vulnerability from cvelistv5
Published
2020-07-24 20:05
Modified
2025-02-19 14:35
Severity ?
EPSS score ?
Summary
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lua-users.org/lists/lua-l/2020-07/msg00123.html | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.lua.org/bugs.html#5.4.0-8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lua-users.org/lists/lua-l/2020-07/msg00123.html | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 | Patch, Third Party Advisory |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:23.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-19T14:35:13.589Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", }, { url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", }, { url: "https://www.lua.org/bugs.html#5.4.0-8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15945", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", refsource: "MISC", url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", }, { name: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", refsource: "MISC", url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15945", datePublished: "2020-07-24T20:05:57.000Z", dateReserved: "2020-07-24T00:00:00.000Z", dateUpdated: "2025-02-19T14:35:13.589Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2020-15945\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-07-24T21:15:34.553\",\"lastModified\":\"2025-02-19T15:15:10.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.\"},{\"lang\":\"es\",\"value\":\"Lua versiones hasta 5.4.0, presenta un fallo de segmentación en la función changedline en el archivo ldebug.c (por ejemplo, cuando es llamado por luaG_traceexec) porque espera incorrectamente que un valor oldpc siempre es actualizado siempre al regresar el flujo de control a una función\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3.1\",\"versionEndExcluding\":\"5.4.0\",\"matchCriteriaId\":\"D14749DE-D05F-41F1-895A-C01E60CCE8B0\"}]}]}],\"references\":[{\"url\":\"http://lua-users.org/lists/lua-l/2020-07/msg00123.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.lua.org/bugs.html#5.4.0-8\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lua-users.org/lists/lua-l/2020-07/msg00123.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}", }, }
ghsa-4fp8-99qh-27p3
Vulnerability from github
Published
2022-05-24 17:24
Modified
2025-02-19 15:32
Severity ?
Details
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
{ affected: [], aliases: [ "CVE-2020-15945", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2020-07-24T21:15:00Z", severity: "MODERATE", }, details: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", id: "GHSA-4fp8-99qh-27p3", modified: "2025-02-19T15:32:11Z", published: "2022-05-24T17:24:18Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-15945", }, { type: "WEB", url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", }, { type: "WEB", url: "https://www.lua.org/bugs.html#5.4.0-8", }, { type: "WEB", url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
sca-2025-0006
Vulnerability from csaf_sick
Published
2025-04-28 13:00
Modified
2025-04-28 13:00
Summary
Vulnerability affecting picoScan and multiScan
Notes
summary
SICK has identified a Denial of Service vulnerability (CVE-2025-32472) in picoScan and multiScan, which can cause the web page to become unresponsive. Due to their architectural design, these products are not affected by the other vulnerabilities listed in this advisory. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK recommends applying the mitigation for CVE-2025-32472.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en-US", notes: [ { category: "summary", text: "SICK has identified a Denial of Service vulnerability (CVE-2025-32472) in picoScan and multiScan, which can cause the web page to become unresponsive. Due to their architectural design, these products are not affected by the other vulnerabilities listed in this advisory. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK recommends applying the mitigation for CVE-2025-32472.", title: "summary", }, { category: "general", text: "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.", title: "General Security Measures", }, { category: "general", text: "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.", title: "Vulnerability Classification", }, ], publisher: { category: "vendor", contact_details: "psirt@sick.de", issuing_authority: "SICK PSIRT is responsible for any vulnerabilities related to SICK products.", name: "SICK PSIRT", namespace: "https://www.sick.com/psirt", }, references: [ { summary: "SICK PSIRT Security Advisories", url: "https://sick.com/psirt", }, { summary: "SICK Operating Guidelines", url: "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", }, { summary: "ICS-CERT recommended practices on Industrial Security", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { summary: "CVSS v3.1 Calculator", url: "https://www.first.org/cvss/calculator/3.1", }, { category: "self", summary: "The canonical URL.", url: "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0006.json", }, ], title: "Vulnerability affecting picoScan and multiScan", tracking: { current_release_date: "2025-04-28T13:00:00.000Z", generator: { date: "2025-04-28T06:38:33.857Z", engine: { name: "Secvisogram", version: "2.5.24", }, }, id: "SCA-2025-0006", initial_release_date: "2025-04-28T13:00:00.000Z", revision_history: [ { date: "2025-04-28T13:00:00.000Z", number: "1", summary: "Initial version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK picoScan1XX all versions", product_id: "CSAFPID-0001", product_identification_helper: { skus: [ "1134607", "1134608", "1134609", "1134610", "1141395", "1141396", "1141397", "1141751", "1142269", "1142270", "1142272", "1142273", ], }, }, }, ], category: "product_name", name: "picoScan1XX", }, ], category: "product_family", name: "picoScan100", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK multiScan1XX all versions", product_id: "CSAFPID-0002", product_identification_helper: { skus: [ "1131164", "1137723", "1140110", "1140133", "1140134", "1141496", "1143873", ], }, }, }, ], category: "product_name", name: "multiScan1XX", }, ], category: "product_family", name: "multiScan100", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK picoScan1XX Firmware all versions", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "picoScan1XX Firmware", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "SICK multiScan1XX Firmware all versions", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "multiScan1XX Firmware", }, ], category: "vendor", name: "SICK AG", }, ], relationships: [ { category: "installed_on", full_product_name: { name: "SICK picoScan1XX all Firmware versions", product_id: "CSAFPID-0005", }, product_reference: "CSAFPID-0003", relates_to_product_reference: "CSAFPID-0001", }, { category: "installed_on", full_product_name: { name: "SICK multiScan1XX all Firmware versions", product_id: "CSAFPID-0006", }, product_reference: "CSAFPID-0004", relates_to_product_reference: "CSAFPID-0002", }, ], }, vulnerabilities: [ { cve: "CVE-2025-32472", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { audience: "all", category: "summary", text: "The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, remediations: [ { category: "workaround", details: "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources ”SICK Operating Guidelines” and ”ICS-CERT recommended practices on Industrial Security” could help to implement the general security practices. Additionally, the web server can be disabled via the CyberSecurity page in the UI.", product_ids: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", environmentalScore: 5.3, environmentalSeverity: "MEDIUM", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 5.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Denial-of-Service Vulnerability in multiScan and picoScan via Slowloris Attack", }, { cve: "CVE-2024-38517", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { audience: "all", category: "summary", text: "Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", environmentalScore: 7.8, environmentalSeverity: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.8, temporalSeverity: "HIGH", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Tencent RapidJSON Vulnerable to Privilege Escalation via Integer Underflow in GenericReader::ParseNumber() Function", }, { cve: "CVE-2024-39684", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { audience: "all", category: "summary", text: "Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", environmentalScore: 7.8, environmentalSeverity: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.8, temporalSeverity: "HIGH", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Tencent RapidJSON Vulnerable to Privilege Escalation via Integer Overflow in GenericReader::ParseNumber() Function", }, { cve: "CVE-2022-46908", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { audience: "all", category: "summary", text: "SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", environmentalScore: 7.3, environmentalSeverity: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", temporalScore: 7.3, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "SQLite Vulnerable to Protection Mechanism Bypass via Improper Implementation of 'azProhibitedFunctions'", }, { cve: "CVE-2021-36690", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { audience: "all", category: "summary", text: "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", environmentalScore: 7.5, environmentalSeverity: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.5, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "SQLite Vulnerable to Denial-of-Service (DoS) via Segmentation Fault in 'idxGetTableInfo' Function", }, { cve: "CVE-2022-35737", cwe: { id: "CWE-129", name: "Improper Validation of Array Index", }, notes: [ { audience: "all", category: "summary", text: "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", environmentalScore: 7.5, environmentalSeverity: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.5, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "SQLite Vulnerable to Memory Corruption via Stack-Based Buffer Overflow in 'sqlite3_str_vappendf()' Function Used by 'printf' Family API Implementations", }, { cve: "CVE-2021-45346", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { audience: "all", category: "summary", text: "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", environmentalScore: 4.3, environmentalSeverity: "MEDIUM", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", temporalScore: 4.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "SQLite Vulnerable to Information Disclosure via Maliciously Crafted Queries", }, { cve: "CVE-2023-7104", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { audience: "all", category: "summary", text: "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", environmentalScore: 7.3, environmentalSeverity: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.3, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in 'sessionReadRecord' Function of 'Sessions' Extension", }, { cve: "CVE-2022-28805", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { audience: "all", category: "summary", text: "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", environmentalScore: 9.1, environmentalSeverity: "CRITICAL", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 9.1, temporalSeverity: "CRITICAL", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Denial-of-Service (DoS) and Information Disclosure via Heap-Based Buffer Over-Read in 'luaH_getshortstr' Function", }, { cve: "CVE-2020-24370", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { audience: "all", category: "summary", text: "ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", environmentalScore: 5.3, environmentalSeverity: "MEDIUM", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 5.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Denial-of-Service (DoS) via Integer Overflow in 'ldebug.c' File", }, { cve: "CVE-2021-43519", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { audience: "all", category: "summary", text: "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", environmentalScore: 5.5, environmentalSeverity: "MEDIUM", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 5.5, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Denial-of-Service (DoS) via Stack-Based Buffer Overflow in 'ldo.c'", }, { cve: "CVE-2020-24369", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { audience: "all", category: "summary", text: "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", environmentalScore: 7.5, environmentalSeverity: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.5, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Denial-of-Service (DoS) via Stack-Based Buffer Overflow in 'ldo.c'", }, { cve: "CVE-2020-24371", cwe: { id: "CWE-763", name: "Release of Invalid Pointer or Reference", }, notes: [ { audience: "all", category: "summary", text: "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", environmentalScore: 5.3, environmentalSeverity: "MEDIUM", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 5.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Information Disclosure via Mishandled Interaction Between Barriers and Sweep Phase", }, { cve: "CVE-2022-33099", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { audience: "all", category: "summary", text: "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", environmentalScore: 7.5, environmentalSeverity: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.5, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Denial-of-Service (DoS) via Stack Overflow in 'luaG_runerror' Function", }, { cve: "CVE-2020-15945", cwe: { id: "CWE-229", name: "Improper Handling of Values", }, notes: [ { audience: "all", category: "summary", text: "Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", environmentalScore: 5.5, environmentalSeverity: "MEDIUM", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", temporalScore: 5.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Denial-of-Service via 'changedline' Function", }, { cve: "CVE-2020-15888", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { audience: "all", category: "summary", text: "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", environmentalScore: 8.8, environmentalSeverity: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 8.8, temporalSeverity: "HIGH", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Denial-of-Service (DoS) via Multiple Heap Related Memory Errors via Garbage Collection 'Stack Resizing'", }, { cve: "CVE-2020-24342", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { audience: "all", category: "summary", text: "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", environmentalScore: 7.8, environmentalSeverity: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.8, temporalSeverity: "HIGH", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Lua Vulnerable to Denial-of-Service (DoS) via Stack Overflow in 'luaD_callnoyield' Function", }, { cve: "CVE-2024-10525", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { audience: "all", category: "summary", text: "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", environmentalScore: 9.8, environmentalSeverity: "CRITICAL", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 9.8, temporalSeverity: "CRITICAL", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Eclipse Mosquitto Vulnerable to Memory Corruption via Heap-Based-Buffer Overflow in Crafted SUBACK Packet in libmosquitto Component", }, { cve: "CVE-2024-8376", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { audience: "all", category: "summary", text: "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", environmentalScore: 7.5, environmentalSeverity: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.5, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Eclipse Mosquitto Vulnerable to Memory Corruption via Specific Sequences in Packet Handling Component", }, { cve: "CVE-2023-28366", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { audience: "all", category: "summary", text: "The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", environmentalScore: 7.5, environmentalSeverity: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.5, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Mosquitto Vulnerable to Denial-of-Service (DoS) via Memory Leak Triggered by Duplicate QoS 2 Messages", }, { cve: "CVE-2023-3592", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { audience: "all", category: "summary", text: "In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", environmentalScore: 7.5, environmentalSeverity: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 7.5, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Mosquitto Vulnerable to Denial-of-Service (DoS) via Memory Leak in 'v5 CONNECT' Packets", }, { cve: "CVE-2024-3935", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { audience: "all", category: "summary", text: "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", environmentalScore: 6.5, environmentalSeverity: "MEDIUM", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Eclipse Mosquitto Vulnerable to Memory Corruption via Double Free in Crafted PUBLISH Packet in Outgoing Bridge Connection", }, { cve: "CVE-2023-0809", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { audience: "all", category: "summary", text: "In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.", title: "Summary", }, ], product_status: { known_not_affected: [ "CSAFPID-0005", "CSAFPID-0006", ], }, scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", environmentalScore: 5.3, environmentalSeverity: "MEDIUM", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", temporalScore: 5.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-0005", "CSAFPID-0006", ], }, ], title: "Mosquitto Vulnerable to Denial-of-Service (DoS) via Excessive Memory Allocation", }, ], }
fkie_cve-2020-15945
Vulnerability from fkie_nvd
Published
2020-07-24 21:15
Modified
2025-02-19 15:15
Severity ?
Summary
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lua-users.org/lists/lua-l/2020-07/msg00123.html | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.lua.org/bugs.html#5.4.0-8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lua-users.org/lists/lua-l/2020-07/msg00123.html | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*", matchCriteriaId: "D14749DE-D05F-41F1-895A-C01E60CCE8B0", versionEndExcluding: "5.4.0", versionStartIncluding: "5.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", }, { lang: "es", value: "Lua versiones hasta 5.4.0, presenta un fallo de segmentación en la función changedline en el archivo ldebug.c (por ejemplo, cuando es llamado por luaG_traceexec) porque espera incorrectamente que un valor oldpc siempre es actualizado siempre al regresar el flujo de control a una función", }, ], id: "CVE-2020-15945", lastModified: "2025-02-19T15:15:10.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-24T21:15:34.553", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", }, { source: "cve@mitre.org", url: "https://www.lua.org/bugs.html#5.4.0-8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2020-15945
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
Aliases
Aliases
{ GSD: { alias: "CVE-2020-15945", description: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", id: "GSD-2020-15945", references: [ "https://www.suse.com/security/cve/CVE-2020-15945.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2020-15945", ], details: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", id: "GSD-2020-15945", modified: "2023-12-13T01:21:43.284992Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15945", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", refsource: "MISC", url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", }, { name: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", refsource: "MISC", url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "<=5.4.0", affected_versions: "All versions up to 5.4.0", cvss_v2: "AV:L/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2020-08-11", description: "Lua has a segmentation fault in `changedline` in `ldebug.c` (e.g., when called by `luaG_traceexec`) because it incorrectly expects that an `oldpc` value is always updated upon a return of the flow of control to a function.", fixed_versions: [], identifier: "CVE-2020-15945", identifiers: [ "CVE-2020-15945", ], not_impacted: "", package_slug: "conan/lua", pubdate: "2020-07-24", solution: "Unfortunately, there is no solution available yet.", title: "Buffer Overflow", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2020-15945", ], uuid: "2cdbe337-be50-475e-8f7c-b92fdead43ff", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.4.0", versionStartIncluding: "5.3.1", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15945", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3", }, { name: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", refsource: "MISC", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://lua-users.org/lists/lua-l/2020-07/msg00123.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, }, }, lastModifiedDate: "2023-04-20T18:39Z", publishedDate: "2020-07-24T21:15Z", }, }, }
opensuse-su-2024:11029-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
liblua5_4-5-32bit-5.4.3-4.2 on GA media
Notes
Title of the patch
liblua5_4-5-32bit-5.4.3-4.2 on GA media
Description of the patch
These are all security issues fixed in the liblua5_4-5-32bit-5.4.3-4.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11029
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "liblua5_4-5-32bit-5.4.3-4.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the liblua5_4-5-32bit-5.4.3-4.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11029", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11029-1.json", }, { category: "self", summary: "SUSE CVE CVE-2020-15888 page", url: "https://www.suse.com/security/cve/CVE-2020-15888/", }, { category: "self", summary: "SUSE CVE CVE-2020-15945 page", url: "https://www.suse.com/security/cve/CVE-2020-15945/", }, { category: "self", summary: "SUSE CVE CVE-2020-24342 page", url: "https://www.suse.com/security/cve/CVE-2020-24342/", }, { category: "self", summary: "SUSE CVE CVE-2020-24369 page", url: "https://www.suse.com/security/cve/CVE-2020-24369/", }, { category: "self", summary: "SUSE CVE CVE-2020-24370 page", url: "https://www.suse.com/security/cve/CVE-2020-24370/", }, { category: "self", summary: "SUSE CVE CVE-2020-24371 page", url: "https://www.suse.com/security/cve/CVE-2020-24371/", }, ], title: "liblua5_4-5-32bit-5.4.3-4.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11029-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "liblua5_4-5-5.4.3-4.2.aarch64", product: { name: "liblua5_4-5-5.4.3-4.2.aarch64", product_id: "liblua5_4-5-5.4.3-4.2.aarch64", }, }, { category: "product_version", name: "liblua5_4-5-32bit-5.4.3-4.2.aarch64", product: { name: "liblua5_4-5-32bit-5.4.3-4.2.aarch64", product_id: "liblua5_4-5-32bit-5.4.3-4.2.aarch64", }, }, { category: "product_version", name: "lua54-5.4.3-4.2.aarch64", product: { name: "lua54-5.4.3-4.2.aarch64", product_id: "lua54-5.4.3-4.2.aarch64", }, }, { category: "product_version", name: "lua54-devel-5.4.3-4.2.aarch64", product: { name: "lua54-devel-5.4.3-4.2.aarch64", product_id: "lua54-devel-5.4.3-4.2.aarch64", }, }, { category: "product_version", name: "lua54-doc-5.4.3-4.2.aarch64", product: { name: "lua54-doc-5.4.3-4.2.aarch64", product_id: "lua54-doc-5.4.3-4.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "liblua5_4-5-5.4.3-4.2.ppc64le", product: { name: "liblua5_4-5-5.4.3-4.2.ppc64le", product_id: "liblua5_4-5-5.4.3-4.2.ppc64le", }, }, { category: "product_version", name: "liblua5_4-5-32bit-5.4.3-4.2.ppc64le", product: { name: "liblua5_4-5-32bit-5.4.3-4.2.ppc64le", product_id: "liblua5_4-5-32bit-5.4.3-4.2.ppc64le", }, }, { category: "product_version", name: "lua54-5.4.3-4.2.ppc64le", product: { name: "lua54-5.4.3-4.2.ppc64le", product_id: "lua54-5.4.3-4.2.ppc64le", }, }, { category: "product_version", name: "lua54-devel-5.4.3-4.2.ppc64le", product: { name: "lua54-devel-5.4.3-4.2.ppc64le", product_id: "lua54-devel-5.4.3-4.2.ppc64le", }, }, { category: "product_version", name: "lua54-doc-5.4.3-4.2.ppc64le", product: { name: "lua54-doc-5.4.3-4.2.ppc64le", product_id: "lua54-doc-5.4.3-4.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "liblua5_4-5-5.4.3-4.2.s390x", product: { name: "liblua5_4-5-5.4.3-4.2.s390x", product_id: "liblua5_4-5-5.4.3-4.2.s390x", }, }, { category: "product_version", name: "liblua5_4-5-32bit-5.4.3-4.2.s390x", product: { name: "liblua5_4-5-32bit-5.4.3-4.2.s390x", product_id: "liblua5_4-5-32bit-5.4.3-4.2.s390x", }, }, { category: "product_version", name: "lua54-5.4.3-4.2.s390x", product: { name: "lua54-5.4.3-4.2.s390x", product_id: "lua54-5.4.3-4.2.s390x", }, }, { category: "product_version", name: "lua54-devel-5.4.3-4.2.s390x", product: { name: "lua54-devel-5.4.3-4.2.s390x", product_id: "lua54-devel-5.4.3-4.2.s390x", }, }, { category: "product_version", name: "lua54-doc-5.4.3-4.2.s390x", product: { name: "lua54-doc-5.4.3-4.2.s390x", product_id: "lua54-doc-5.4.3-4.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "liblua5_4-5-5.4.3-4.2.x86_64", product: { name: "liblua5_4-5-5.4.3-4.2.x86_64", product_id: "liblua5_4-5-5.4.3-4.2.x86_64", }, }, { category: "product_version", name: "liblua5_4-5-32bit-5.4.3-4.2.x86_64", product: { name: "liblua5_4-5-32bit-5.4.3-4.2.x86_64", product_id: "liblua5_4-5-32bit-5.4.3-4.2.x86_64", }, }, { category: "product_version", name: "lua54-5.4.3-4.2.x86_64", product: { name: "lua54-5.4.3-4.2.x86_64", product_id: "lua54-5.4.3-4.2.x86_64", }, }, { category: "product_version", name: "lua54-devel-5.4.3-4.2.x86_64", product: { name: "lua54-devel-5.4.3-4.2.x86_64", product_id: "lua54-devel-5.4.3-4.2.x86_64", }, }, { category: "product_version", name: "lua54-doc-5.4.3-4.2.x86_64", product: { name: "lua54-doc-5.4.3-4.2.x86_64", product_id: "lua54-doc-5.4.3-4.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "liblua5_4-5-5.4.3-4.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", }, product_reference: "liblua5_4-5-5.4.3-4.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "liblua5_4-5-5.4.3-4.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", }, product_reference: "liblua5_4-5-5.4.3-4.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "liblua5_4-5-5.4.3-4.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", }, product_reference: "liblua5_4-5-5.4.3-4.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "liblua5_4-5-5.4.3-4.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", }, product_reference: "liblua5_4-5-5.4.3-4.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "liblua5_4-5-32bit-5.4.3-4.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", }, product_reference: "liblua5_4-5-32bit-5.4.3-4.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "liblua5_4-5-32bit-5.4.3-4.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", }, product_reference: "liblua5_4-5-32bit-5.4.3-4.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "liblua5_4-5-32bit-5.4.3-4.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", }, product_reference: "liblua5_4-5-32bit-5.4.3-4.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "liblua5_4-5-32bit-5.4.3-4.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", }, product_reference: "liblua5_4-5-32bit-5.4.3-4.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-5.4.3-4.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", }, product_reference: "lua54-5.4.3-4.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-5.4.3-4.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", }, product_reference: "lua54-5.4.3-4.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-5.4.3-4.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", }, product_reference: "lua54-5.4.3-4.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-5.4.3-4.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", }, product_reference: "lua54-5.4.3-4.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-devel-5.4.3-4.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", }, product_reference: "lua54-devel-5.4.3-4.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-devel-5.4.3-4.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", }, product_reference: "lua54-devel-5.4.3-4.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-devel-5.4.3-4.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", }, product_reference: "lua54-devel-5.4.3-4.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-devel-5.4.3-4.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", }, product_reference: "lua54-devel-5.4.3-4.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-doc-5.4.3-4.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", }, product_reference: "lua54-doc-5.4.3-4.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-doc-5.4.3-4.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", }, product_reference: "lua54-doc-5.4.3-4.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-doc-5.4.3-4.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", }, product_reference: "lua54-doc-5.4.3-4.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "lua54-doc-5.4.3-4.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", }, product_reference: "lua54-doc-5.4.3-4.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2020-15888", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15888", }, ], notes: [ { category: "general", text: "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15888", url: "https://www.suse.com/security/cve/CVE-2020-15888", }, { category: "external", summary: "SUSE Bug 1174367 for CVE-2020-15888", url: "https://bugzilla.suse.com/1174367", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-15888", }, { cve: "CVE-2020-15945", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15945", }, ], notes: [ { category: "general", text: "Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15945", url: "https://www.suse.com/security/cve/CVE-2020-15945", }, { category: "external", summary: "SUSE Bug 1174540 for CVE-2020-15945", url: "https://bugzilla.suse.com/1174540", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-15945", }, { cve: "CVE-2020-24342", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24342", }, ], notes: [ { category: "general", text: "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24342", url: "https://www.suse.com/security/cve/CVE-2020-24342", }, { category: "external", summary: "SUSE Bug 1175339 for CVE-2020-24342", url: "https://bugzilla.suse.com/1175339", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-24342", }, { cve: "CVE-2020-24369", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24369", }, ], notes: [ { category: "general", text: "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24369", url: "https://www.suse.com/security/cve/CVE-2020-24369", }, { category: "external", summary: "SUSE Bug 1175447 for CVE-2020-24369", url: "https://bugzilla.suse.com/1175447", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24369", }, { cve: "CVE-2020-24370", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24370", }, ], notes: [ { category: "general", text: "ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24370", url: "https://www.suse.com/security/cve/CVE-2020-24370", }, { category: "external", summary: "SUSE Bug 1175448 for CVE-2020-24370", url: "https://bugzilla.suse.com/1175448", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-24370", }, { cve: "CVE-2020-24371", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24371", }, ], notes: [ { category: "general", text: "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24371", url: "https://www.suse.com/security/cve/CVE-2020-24371", }, { category: "external", summary: "SUSE Bug 1175449 for CVE-2020-24371", url: "https://bugzilla.suse.com/1175449", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-32bit-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.s390x", "openSUSE Tumbleweed:liblua5_4-5-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-devel-5.4.3-4.2.x86_64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.aarch64", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.ppc64le", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.s390x", "openSUSE Tumbleweed:lua54-doc-5.4.3-4.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24371", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.