
CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 1

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service.

• http://lua-users.org/lists/lua-l/2021-10/msg00123.html
• http://lua-users.org/lists/lua-l/2021-11/msg00015.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F
• https://access.redhat.com/security/cve/CVE-2021-43519
• https://bugzilla.redhat.com/show_bug.cgi?id=2047672

• CWE-674: Uncontrolled Recursion
• CWE-787: Out-of-bounds Write

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.

• http://lua-users.org/lists/lua-l/2020-07/msg00123.html
• https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3

CVSS: 7.5 | EPSS: 3% | CPEs: 4 | EXPL: 3

Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

Lua version 5.3.5 suffers from a use-after-free vulnerability.

• https://www.exploit-db.com/exploits/46246
• http://lua-users.org/lists/lua-l/2019-01/msg00039.html
• http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html
• https://access.redhat.com/security/cve/cve-2019-6706
• https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf
• https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e
• https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html
• https://access.redhat.com

• CWE-416: Use After Free