Published: 14/03/2022 Updated: 21/03/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.3 | Impact Score: 4 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows malicious users to perform Sandbox Escape via a crafted script file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lua lua

Synopsis Moderate: lua security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for lua is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rated this upd ...

Synopsis Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9Red Hat ...

CWE-416 http://lua-users.org/lists/lua-l/2021-12/msg00030.html http://lua-users.org/lists/lua-l/2021-12/msg00015.html https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability http://lua-users.org/lists/lua-l/2021-11/msg00186.html http://lua-users.org/lists/lua-l/2021-12/msg00007.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:1211

CVE-2021-44964

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect