Vulmon
lua lua vulnerabilities and exploits
7.8
CVSSv3
CVE-2020-24342
Lua up to and including 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
Lua Lua 5.4.0
Fedoraproject Fedora 33
9.1
CVSSv3
CVE-2020-9432
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Lua-openssl Project Lua-openssl 0.7.7-1
9.1
CVSSv3
CVE-2020-9433
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Lua-openssl Project Lua-openssl 0.7.7-1
9.1
CVSSv3
CVE-2020-9434
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Lua-openssl Project Lua-openssl 0.7.7-1
9.1
CVSSv3
CVE-2022-28805
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Lua Lua
Fedoraproject Fedora 35
Fedoraproject Fedora 36
2 Github repositories
7.5
CVSSv3
CVE-2022-33099
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
Lua Lua
Fedoraproject Fedora 35
Fedoraproject Fedora 36
5.3
CVSSv3
CVE-2020-24370
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Lua Lua 5.4.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2019-6706
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
Lua Lua 5.3.5
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
1 EDB exploit
5.3
CVSSv3
CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) prior to 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
Openresty Lua-nginx-module
7.5
CVSSv3
CVE-2023-3040
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14), contained an out-of-bounds access bug that could have allowed a malicious user to launch a DoS if the function was used to parse untrusted input data. It i...
Cloudflare Lua-resty-json