CVE-2020-9432
https://notcve.org/view.php?id=CVE-2020-9432
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. openssl_x509_check_host en lua-openssl versión 0.7.7-1, maneja inapropiadamente la comprobación del certificado X.509 porque usa lua_pushboolean para determinados valores de retorno no booleanos. • https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca • CWE-295: Improper Certificate Validation •
CVE-2020-9433
https://notcve.org/view.php?id=CVE-2020-9433
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. openssl_x509_check_email en lua-openssl versión 0.7.7-1, maneja inapropiadamente la comprobación del certificado X.509 porque usa lua_pushboolean para determinados valores de retorno no booleanos. • https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca • CWE-295: Improper Certificate Validation •
CVE-2020-9434
https://notcve.org/view.php?id=CVE-2020-9434
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. openssl_x509_check_ip_asc en lua-openssl versión 0.7.7-1, maneja inapropiadamente la comprobación del certificado X.509 porque usa lua_pushboolean para determinados valores de retorno no booleanos. • https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca • CWE-295: Improper Certificate Validation •
CVE-2019-6706 – Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
https://notcve.org/view.php?id=CVE-2019-6706
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. Lua 5.3.5 tiene un uso de memoria previamente liberada en lua_upvaluejoin en lapi.c. Por ejemplo, un atacante podría lograr un cierre inesperado al desencadenar una llamada debug.upvaluejoin en la que los argumentos tienen ciertas relaciones. Lua version 5.3.5 suffers from a use-after-free vulnerability. • https://www.exploit-db.com/exploits/46246 http://lua-users.org/lists/lua-l/2019-01/msg00039.html http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html https://access.redhat.com/security/cve/cve-2019-6706 https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html https://access.redhat.com • CWE-416: Use After Free •
CVE-2014-5461
https://notcve.org/view.php?id=CVE-2014-5461
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. Desbordamiento de buffer en las funciones vararg en ldo.c en Lua 5.1 hasta 5.2.x anterior a 5.2.3 permite a atacantes dependientes de contexto causar una denegación de servicio (caída) a través de un número pequeño de argumentos en una función con un número grande de argumentos fijos. • http://advisories.mageia.org/MGASA-2014-0414.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html http://secunia.com/advisories/59890 http://secunia.com/advisories/60869 http://secunia.com/advisories/61411 http://www.debian.org/security/2014/dsa-3015 http://www.debian.org/security/2014/dsa-3016 http://www.lua.org/bugs.html#5.2.2-1 http://www.mandriva.com/security/advisories?name=MDVSA-2015:144 http://www.openwall.com/lists/oss-security/2014/08/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •