CVSSv3: 7.5

CVE-2022-33099

Published: 01/07/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A stack overflow issue exists in Lua in the lua_resume() function of ldo.c. This flaw allows a local malicious user to pass a specially crafted file to the Lua interpreter, causing a crash that leads to a denial of service. (CVE-2021-43519)

A flaw was found in Lua. A SEGV crash in the funcnamefromcode() function in ldebug.c occurs during error handling in __close metamethods. This flaw allows a malicious user to cause a denial of service. (CVE-2021-44647)

A heap buffer overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code in lparser.c that allows the execution of untrusted Lua code on a system, resulting in malicious activity. (CVE-2022-28805)

A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from EXTRA_STACK. Some errors can recur, such as a string overflow while creating an error message in luaG_runerror, or a C-stack overflow before calling the message handler, causing a crash that leads to a denial of service. (CVE-2022-33099)

Vulnerable Products

lua lua

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Debian Bug report logs - #1014935 lua54: CVE-2022-33099 Package: src:lua54; Maintainer for src:lua54 is Debian Lua Team <pkg-lua-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 14 Jul 2022 20:06:01 UTC Severity: important Tags: security, upstream Found in version l ...
Synopsis Moderate: lua security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security i ...
Synopsis Important: Network observability 1.1.0 security update Type/Severity Security Advisory: Important Topic Network observability 1.1.0 release for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rati ...
Synopsis Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat ...
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs ...
A stack overflow issue was discovered in Lua in the lua_resume() function of ldo.c. This flaw allows a local attacker to pass a specially crafted file to the Lua interpreter, causing a crash that leads to a denial of service (CVE-2021-43519). A flaw was found in Lua. A SEGV crash in the funcnamefromcode() function in ldebug.c during error handling ...
A heap buffer overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in lparser.c that allows the execution of untrusted Lua code on a system, resulting in malicious activity (CVE-2022-28805). A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from ...