CVE-2022-28805

Published: 08/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

singlevar in lparser.c in Lua up to and including 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Vulnerable Product

lua lua

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Debian Bug report logs - #1010265 CVE-2022-28805 Package: lua54; Maintainer for lua54 is Debian Lua Team <pkg-lua-devel@lists.alioth.debian.org>; Source for lua54 is src:lua54 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 27 Apr 2022 11:57:07 UTC Severity: important Tags: secu ...
Synopsis: Important: Network observability 130 for Openshift. Type/Severity: Security Advisory: Important. Topic: Network Observability 130 for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ava ...
Synopsis: Important: Security Update for cert-manager Operator for Red Hat OpenShift 1103. Type/Severity: Security Advisory: Important. Topic: cert-manager Operator for Red Hat OpenShift 1103. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which give ...
Synopsis: Moderate: OpenShift sandboxed containers 141 security update. Type/Severity: Security Advisory: Moderate. Topic: OpenShift sandboxed containers 141 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed seve ...
Synopsis: Important: OpenShift Container Platform 4132 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4132 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Synopsis: Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9. Red Hat ...
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code ...
A stack overflow issue was discovered in Lua in the lua_resume() function of ldo.c. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service (CVE-2021-43519). A flaw was found in Lua. An SEGV crash in the funcnamefromcode() function in ldebug.c during error handling ...
A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity (CVE-2022-28805). A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from ...

Github Repositories

The CBuild-ng compilation system is a more powerful and flexible build system than Buildroot, and faster and more succinct than Yocto. It mainly consists of: a task parsing management executor, configured with menuconfig, run by make; a compilation tool comparable to CMake; a set of scripts that handle the entire process of software compilation.

CBuild-ng Compilation System (Chinese version). Overview: The CBuild-ng compilation system is a more powerful and flexible build system than Buildroot, faster and more succinct than Yocto, easier to understand and use than Buildroot and Yocto. It doesn't have a steep learning curve and doesn't re-define a new language, the total core codes are about 4000 lines which are composed o

The CBuild compilation system is a more powerful and flexible build system than Buildroot, and faster and more succinct than Yocto.

CBuild Compilation System (Chinese version). CBuild suspends development of new features; please upgrade to Cbuild-ng. Cbuild-ng and Cbuild are not fully compatible. Overview: The CBuild compilation system is a more powerful and flexible build system than Buildroot, and faster and more succinct than Yocto. It doesn't have a steep learning curve and doesn't re-define a new language