Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by lua
CVE-2021-45985 (GCVE-0-2021-45985)
Vulnerability from cvelistv5 – Published: 2023-04-10 00:00 – Updated: 2025-02-12 16:02
VLAI
Summary
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-787 - Out-of-bounds Write
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.lua.org/bugs.html#5.4.3-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5"
},
{
"tags": [
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-45985",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:01:31.275627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:02:20.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.lua.org/bugs.html#5.4.3-11"
},
{
"url": "https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5"
},
{
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00019.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45985",
"datePublished": "2023-04-10T00:00:00.000Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:02:20.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33099 (GCVE-0-2022-33099)
Vulnerability from cvelistv5 – Published: 2022-07-01 11:26 – Updated: 2024-08-03 08:01
VLAI
Summary
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/lua/lua/commit/42d40581dd919fb… | x_refsource_MISC |
| https://lua-users.org/lists/lua-l/2022-05/msg00035.html | x_refsource_MISC |
| https://lua-users.org/lists/lua-l/2022-05/msg00042.html | x_refsource_MISC |
| https://lua-users.org/lists/lua-l/2022-05/msg00073.html | x_refsource_MISC |
| https://www.lua.org/bugs.html#Lua-stack%20overflo… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00035.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00042.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00073.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error"
},
{
"name": "FEDORA-2022-b9ed35a7ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/"
},
{
"name": "FEDORA-2022-5b5889f43a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T03:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00035.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00042.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00073.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error"
},
{
"name": "FEDORA-2022-b9ed35a7ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/"
},
{
"name": "FEDORA-2022-5b5889f43a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf",
"refsource": "MISC",
"url": "https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf"
},
{
"name": "https://lua-users.org/lists/lua-l/2022-05/msg00035.html",
"refsource": "MISC",
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00035.html"
},
{
"name": "https://lua-users.org/lists/lua-l/2022-05/msg00042.html",
"refsource": "MISC",
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00042.html"
},
{
"name": "https://lua-users.org/lists/lua-l/2022-05/msg00073.html",
"refsource": "MISC",
"url": "https://lua-users.org/lists/lua-l/2022-05/msg00073.html"
},
{
"name": "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua%2Dstack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error",
"refsource": "MISC",
"url": "https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error:~:text=Lua%2Dstack%20overflow%20when%20C%20stack%20overflows%20while%20handling%20an%20error"
},
{
"name": "FEDORA-2022-b9ed35a7ad",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/"
},
{
"name": "FEDORA-2022-5b5889f43a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33099",
"datePublished": "2022-07-01T11:26:38.000Z",
"dateReserved": "2022-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:01:20.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28805 (GCVE-0-2022-28805)
Vulnerability from cvelistv5 – Published: 2022-04-08 00:00 – Updated: 2024-08-03 06:03
VLAI
Summary
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lua-users.org/lists/lua-l/2022-02/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lua-users.org/lists/lua-l/2022-02/msg00070.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lua-users.org/lists/lua-l/2022-04/msg00009.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa"
},
{
"name": "FEDORA-2022-b9ed35a7ad",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/"
},
{
"name": "FEDORA-2022-5b5889f43a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/"
},
{
"name": "GLSA-202305-23",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lua-users.org/lists/lua-l/2022-02/msg00001.html"
},
{
"url": "https://lua-users.org/lists/lua-l/2022-02/msg00070.html"
},
{
"url": "https://lua-users.org/lists/lua-l/2022-04/msg00009.html"
},
{
"url": "https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa"
},
{
"name": "FEDORA-2022-b9ed35a7ad",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/"
},
{
"name": "FEDORA-2022-5b5889f43a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/"
},
{
"name": "GLSA-202305-23",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-23"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28805",
"datePublished": "2022-04-08T00:00:00.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:03:53.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44964 (GCVE-0-2021-44964)
Vulnerability from cvelistv5 – Published: 2022-03-14 14:24 – Updated: 2024-08-04 04:32
VLAI
Summary
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://lua-users.org/lists/lua-l/2021-11/msg00186.html | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2021-12/msg00007.html | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2021-12/msg00015.html | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2021-12/msg00030.html | x_refsource_MISC |
| https://github.com/Lua-Project/lua-5.4.4-sandbox-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T14:24:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html"
},
{
"name": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html"
},
{
"name": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html"
},
{
"name": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html"
},
{
"name": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability",
"refsource": "MISC",
"url": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44964",
"datePublished": "2022-03-14T14:24:51.000Z",
"dateReserved": "2021-12-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:13.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44647 (GCVE-0-2021-44647)
Vulnerability from cvelistv5 – Published: 2022-01-11 00:00 – Updated: 2024-08-04 04:25
VLAI
Summary
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00195.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00204.html"
},
{
"name": "FEDORA-2022-473560d1a6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2021-44647"
},
{
"name": "GLSA-202305-23",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00195.html"
},
{
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00204.html"
},
{
"name": "FEDORA-2022-473560d1a6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2021-44647"
},
{
"name": "GLSA-202305-23",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-23"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44647",
"datePublished": "2022-01-11T00:00:00.000Z",
"dateReserved": "2021-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43519 (GCVE-0-2021-43519)
Vulnerability from cvelistv5 – Published: 2021-11-09 12:26 – Updated: 2024-08-04 03:55
VLAI
Summary
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lua-users.org/lists/lua-l/2021-10/msg00123.html | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2021-11/msg00015.html | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:29.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-10/msg00123.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00015.html"
},
{
"name": "FEDORA-2022-e6b2bd5b50",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/"
},
{
"name": "FEDORA-2022-473560d1a6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T04:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2021-10/msg00123.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00015.html"
},
{
"name": "FEDORA-2022-e6b2bd5b50",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/"
},
{
"name": "FEDORA-2022-473560d1a6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lua-users.org/lists/lua-l/2021-10/msg00123.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2021-10/msg00123.html"
},
{
"name": "http://lua-users.org/lists/lua-l/2021-11/msg00015.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2021-11/msg00015.html"
},
{
"name": "FEDORA-2022-e6b2bd5b50",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/"
},
{
"name": "FEDORA-2022-473560d1a6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43519",
"datePublished": "2021-11-09T12:26:22.000Z",
"dateReserved": "2021-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:55:29.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24369 (GCVE-0-2020-24369)
Vulnerability from cvelistv5 – Published: 2020-08-17 16:06 – Updated: 2024-08-04 15:12
VLAI
Summary
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.lua.org/bugs.html#5.4.0-12 | x_refsource_MISC |
| https://github.com/lua/lua/commit/ae5b5ba529753c7… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.lua.org/bugs.html#5.4.0-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T16:06:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.lua.org/bugs.html#5.4.0-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.lua.org/bugs.html#5.4.0-12",
"refsource": "MISC",
"url": "https://www.lua.org/bugs.html#5.4.0-12"
},
{
"name": "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a",
"refsource": "MISC",
"url": "https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24369",
"datePublished": "2020-08-17T16:06:42.000Z",
"dateReserved": "2020-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:12:08.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24371 (GCVE-0-2020-24371)
Vulnerability from cvelistv5 – Published: 2020-08-17 16:06 – Updated: 2024-08-04 15:12
VLAI
Summary
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/lua/lua/commit/a6da1472c0c5e05… | x_refsource_MISC |
| https://www.lua.org/bugs.html#5.4.0-10 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.lua.org/bugs.html#5.4.0-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T20:17:36.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.lua.org/bugs.html#5.4.0-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
"refsource": "MISC",
"url": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110"
},
{
"name": "https://www.lua.org/bugs.html#5.4.0-10",
"refsource": "MISC",
"url": "https://www.lua.org/bugs.html#5.4.0-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24371",
"datePublished": "2020-08-17T16:06:14.000Z",
"dateReserved": "2020-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:12:08.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24370 (GCVE-0-2020-24370)
Vulnerability from cvelistv5 – Published: 2020-08-17 00:00 – Updated: 2024-08-04 15:12
VLAI
Summary
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00324.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b"
},
{
"name": "FEDORA-2020-d7ed9f18ff",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/"
},
{
"name": "FEDORA-2020-c83556709c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/"
},
{
"name": "[debian-lts-announce] 20200926 [SECURITY] [DLA 2381-1] lua5.3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html"
},
{
"name": "[debian-lts-announce] 20230622 [SECURITY] [DLA 3469-1] lua5.3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00324.html"
},
{
"url": "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b"
},
{
"name": "FEDORA-2020-d7ed9f18ff",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/"
},
{
"name": "FEDORA-2020-c83556709c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/"
},
{
"name": "[debian-lts-announce] 20200926 [SECURITY] [DLA 2381-1] lua5.3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html"
},
{
"name": "[debian-lts-announce] 20230622 [SECURITY] [DLA 3469-1] lua5.3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24370",
"datePublished": "2020-08-17T00:00:00.000Z",
"dateReserved": "2020-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:12:08.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24342 (GCVE-0-2020-24342)
Vulnerability from cvelistv5 – Published: 2020-08-13 18:54 – Updated: 2024-08-04 15:12
VLAI
Summary
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://lua-users.org/lists/lua-l/2020-07/msg00052.html | x_refsource_MISC |
| https://github.com/lua/lua/commit/34affe7a63fc5d8… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00052.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27"
},
{
"name": "FEDORA-2020-38e35de8aa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T18:06:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00052.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27"
},
{
"name": "FEDORA-2020-38e35de8aa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lua-users.org/lists/lua-l/2020-07/msg00052.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00052.html"
},
{
"name": "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27",
"refsource": "MISC",
"url": "https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27"
},
{
"name": "FEDORA-2020-38e35de8aa",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24342",
"datePublished": "2020-08-13T18:54:20.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:12:08.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15945 (GCVE-0-2020-15945)
Vulnerability from cvelistv5 – Published: 2020-07-24 20:05 – Updated: 2025-02-19 14:35
VLAI
Summary
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:23.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00123.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T14:35:13.589Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00123.html"
},
{
"url": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3"
},
{
"url": "https://www.lua.org/bugs.html#5.4.0-8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lua-users.org/lists/lua-l/2020-07/msg00123.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00123.html"
},
{
"name": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"refsource": "MISC",
"url": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15945",
"datePublished": "2020-07-24T20:05:57.000Z",
"dateReserved": "2020-07-24T00:00:00.000Z",
"dateUpdated": "2025-02-19T14:35:13.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15888 (GCVE-0-2020-15888)
Vulnerability from cvelistv5 – Published: 2020-07-21 21:36 – Updated: 2024-08-04 13:30
VLAI
Summary
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/lua/lua/commit/eb41999461b6f42… | x_refsource_MISC |
| https://github.com/lua/lua/commit/6298903e35217ab… | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2020-07/msg00053.html | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2020-07/msg00054.html | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2020-07/msg00071.html | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2020-07/msg00079.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:23.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00053.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00054.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00071.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00079.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T21:36:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00053.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00054.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00071.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00079.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5",
"refsource": "MISC",
"url": "https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5"
},
{
"name": "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7",
"refsource": "MISC",
"url": "https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7"
},
{
"name": "http://lua-users.org/lists/lua-l/2020-07/msg00053.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00053.html"
},
{
"name": "http://lua-users.org/lists/lua-l/2020-07/msg00054.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00054.html"
},
{
"name": "http://lua-users.org/lists/lua-l/2020-07/msg00071.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00071.html"
},
{
"name": "http://lua-users.org/lists/lua-l/2020-07/msg00079.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00079.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15888",
"datePublished": "2020-07-21T21:36:02.000Z",
"dateReserved": "2020-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:30:23.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15889 (GCVE-0-2020-15889)
Vulnerability from cvelistv5 – Published: 2020-07-21 21:35 – Updated: 2024-08-04 13:30
VLAI
Summary
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://lua-users.org/lists/lua-l/2020-07/msg00078.html | x_refsource_MISC |
| https://github.com/lua/lua/commit/127e7a6c8942b36… | x_refsource_MISC |
| http://lua-users.org/lists/lua-l/2020-12/msg00157.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:23.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00078.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2020-12/msg00157.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T20:36:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00078.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lua-users.org/lists/lua-l/2020-12/msg00157.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lua-users.org/lists/lua-l/2020-07/msg00078.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2020-07/msg00078.html"
},
{
"name": "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312",
"refsource": "MISC",
"url": "https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312"
},
{
"name": "http://lua-users.org/lists/lua-l/2020-12/msg00157.html",
"refsource": "MISC",
"url": "http://lua-users.org/lists/lua-l/2020-12/msg00157.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15889",
"datePublished": "2020-07-21T21:35:49.000Z",
"dateReserved": "2020-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:30:23.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6706 (GCVE-0-2019-6706)
Vulnerability from cvelistv5 – Published: 2019-01-23 00:00 – Updated: 2024-08-04 20:31
VLAI
Summary
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
Date Public
2019-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e"
},
{
"tags": [
"x_transferred"
],
"url": "http://lua-users.org/lists/lua-l/2019-01/msg00039.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"name": "[debian-lts-announce] 20230622 [SECURITY] [DLA 3469-1] lua5.3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html"
},
{
"url": "https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf"
},
{
"url": "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e"
},
{
"url": "http://lua-users.org/lists/lua-l/2019-01/msg00039.html"
},
{
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"name": "[debian-lts-announce] 20230622 [SECURITY] [DLA 3469-1] lua5.3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6706",
"datePublished": "2019-01-23T00:00:00.000Z",
"dateReserved": "2019-01-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5461 (GCVE-0-2014-5461)
Vulnerability from cvelistv5 – Published: 2014-09-04 00:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/08/21/4 | mailing-list |
| http://www.ubuntu.com/usn/USN-2338-1 | vendor-advisory |
| https://security.gentoo.org/glsa/201701-53 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2014/08/27/2 | mailing-list |
| http://www.securityfocus.com/bid/69342 | vdb-entry |
| http://secunia.com/advisories/59890 | third-party-advisory |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisory |
| http://www.debian.org/security/2014/dsa-3016 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2014/08/21/1 | mailing-list |
| http://secunia.com/advisories/60869 | third-party-advisory |
| http://www.debian.org/security/2014/dsa-3015 | vendor-advisory |
| http://secunia.com/advisories/61411 | third-party-advisory |
| http://www.lua.org/bugs.html#5.2.2-1 | |
| http://lists.opensuse.org/opensuse-updates/2014-0… | vendor-advisory |
| http://advisories.mageia.org/MGASA-2014-0414.html | |
| https://security.gentoo.org/glsa/202305-23 | vendor-advisory |
Date Public
2014-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:49.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140821 Re: CVE request: possible overflow in vararg functions",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/21/4"
},
{
"name": "USN-2338-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2338-1"
},
{
"name": "GLSA-201701-53",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-53"
},
{
"name": "[oss-security] 20140827 Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/27/2"
},
{
"name": "69342",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69342"
},
{
"name": "59890",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/59890"
},
{
"name": "MDVSA-2015:144",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144"
},
{
"name": "DSA-3016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3016"
},
{
"name": "[oss-security] 20140821 CVE request: possible overflow in vararg functions",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/21/1"
},
{
"name": "60869",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/60869"
},
{
"name": "DSA-3015",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3015"
},
{
"name": "61411",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/61411"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.lua.org/bugs.html#5.2.2-1"
},
{
"name": "openSUSE-SU-2014:1145",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0414.html"
},
{
"name": "GLSA-202305-23",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140821 Re: CVE request: possible overflow in vararg functions",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/21/4"
},
{
"name": "USN-2338-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2338-1"
},
{
"name": "GLSA-201701-53",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201701-53"
},
{
"name": "[oss-security] 20140827 Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/27/2"
},
{
"name": "69342",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/69342"
},
{
"name": "59890",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/59890"
},
{
"name": "MDVSA-2015:144",
"tags": [
"vendor-advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144"
},
{
"name": "DSA-3016",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3016"
},
{
"name": "[oss-security] 20140821 CVE request: possible overflow in vararg functions",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/21/1"
},
{
"name": "60869",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/60869"
},
{
"name": "DSA-3015",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3015"
},
{
"name": "61411",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/61411"
},
{
"url": "http://www.lua.org/bugs.html#5.2.2-1"
},
{
"name": "openSUSE-SU-2014:1145",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html"
},
{
"url": "http://advisories.mageia.org/MGASA-2014-0414.html"
},
{
"name": "GLSA-202305-23",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-23"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-5461",
"datePublished": "2014-09-04T00:00:00.000Z",
"dateReserved": "2014-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:49.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}