Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

lua lua vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2014-5461
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 up to and including 5.2.x prior to 5.2.3 allows context-dependent malicious users to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
Opensuse Opensuse 12.3Opensuse Opensuse 13.1Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Debian Debian Linux 7.0Lua Lua 5.1.3Lua Lua 5.1.4Lua Lua 5.1.2Lua Lua 5.1.5Lua Lua 5.1.1Lua Lua 5.1Lua Lua 5.2.1Lua Lua 5.2.0Lua Lua 5.2.2Mageia Mageia 3.0Mageia Mageia 4.0
6.3
CVSSv3
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows malicious users to perform Sandbox Escape via a crafted script file.
Lua Lua
5.5
CVSSv3
CVE-2020-15945
Lua up to and including 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
Lua Lua
8.8
CVSSv3
CVE-2020-15888
Lua up to and including 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
Lua Lua 5.4.0
9.8
CVSSv3
CVE-2020-15889
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Lua Lua 5.4.0
7.5
CVSSv3
CVE-2020-24369
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
Lua Lua 5.4.0
5.3
CVSSv3
CVE-2020-24371
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Lua Lua 5.4.0
7.5
CVSSv3
CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Lua Lua 5.4.3
5.5
CVSSv3
CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows malicious users to perform a Denial of Service via a crafted script file.
Lua LuaFedoraproject Fedora 35
5.5
CVSSv3
CVE-2021-44647
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Lua Lua 5.4.3Fedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook