Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lua lua vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-5461
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 up to and including 5.2.x prior to 5.2.3 allows context-dependent malicious users to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 7.0
Lua Lua 5.1.3
Lua Lua 5.1.4
Lua Lua 5.1.2
Lua Lua 5.1.5
Lua Lua 5.1.1
Lua Lua 5.1
Lua Lua 5.2.1
Lua Lua 5.2.0
Lua Lua 5.2.2
Mageia Mageia 3.0
Mageia Mageia 4.0
1 Github repository
6.3
CVSSv3
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows malicious users to perform Sandbox Escape via a crafted script file.
Lua Lua
5.5
CVSSv3
CVE-2020-15945
Lua up to and including 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
Lua Lua
8.8
CVSSv3
CVE-2020-15888
Lua up to and including 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
Lua Lua 5.4.0
9.8
CVSSv3
CVE-2020-15889
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Lua Lua 5.4.0
7.5
CVSSv3
CVE-2020-24369
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
Lua Lua 5.4.0
5.3
CVSSv3
CVE-2020-24371
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Lua Lua 5.4.0
7.5
CVSSv3
CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Lua Lua 5.4.3
5.5
CVSSv3
CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows malicious users to perform a Denial of Service via a crafted script file.
Lua Lua
Fedoraproject Fedora 35
5.5
CVSSv3
CVE-2021-44647
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Lua Lua 5.4.3
Fedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »