A stack overflow issue exists in Lua in the lua_resume() function of ldo.c. This flaw allows a local malicious user to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service. (CVE-2021-43519) A flaw was found in Lua. An SEGV crash in the funcnamefromcode() function in ldebug.c during error handling occurs in __close metamethods. This flaw allows an malicious user to cause a denial of service. (CVE-2021-44647) A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity. (CVE-2022-28805) A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from EXTRA_STACK. Some errors can recur such as a string overflow while creating an error message in luaG_runerror, or a C-stack overflow before calling the message handler, causing a crash that leads to a denial of service. (CVE-2022-33099)
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
lua lua 5.4.3 |
||
fedoraproject fedora 34 |
Vulmon