
CVE-2014-5461

Published: 04/09/2014 Updated: 03/05/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 up to and including 5.2.x prior to 5.2.3 allows context-dependent malicious users to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.


Vulnerable Product

opensuse opensuse 12.3

opensuse opensuse 13.1

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

debian debian linux 7.0

lua lua 5.1.3

lua lua 5.1.4

lua lua 5.1.2

lua lua 5.1.5

lua lua 5.1.1

lua lua 5.1

lua lua 5.2.1

lua lua 5.2.0

lua lua 5.2.2

mageia mageia 3.0

mageia mageia 4.0

Vendor Advisories

Lua could be made to crash or run programs ...
A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution. For the stable distribution (wheezy), this problem has been fixed in version 5 ...
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments ...
A buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments ...

Github Repositories

Lunacy is a fork of Lua 5.1 being actively maintained

Lunacy is a fork of Lua 5.1.5 (why 5.1? Because it's about 20% smaller than Lua 5.3 and because there’s a lot of code based on Lua 5.1: Roblox Luau, LuaJIT, Gopher Lua, Adobe Lightroom Classic, etc.) designed to be a tiny yet powerful stand alone scripting language. This is designed to be compiled as a tiny Windows binary, but it also compiles and runs in Linux (Cen