CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45985
https://notcve.org/view.php?id=CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. • http://lua-users.org/lists/lua-l/2021-12/msg00019.html https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5 https://www.lua.org/bugs.html#5.4.3-11 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3CVE-2022-33099 – lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling
https://notcve.org/view.php?id=CVE-2022-33099
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. Un problema en el componente luaG_runerror de Lua versiones v5.4.4 y posteriores, conlleva a un desbordamiento del búfer de la pila cuando es producido un error recursivo A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from EXTRA_STACK. Some errors can recur such as a string overflow while creating an error message in 'luaG_runerror', or a C-stack overflow before calling the message handler, causing a crash that leads to a denial of service. • https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA https://lua-users.org/lists/lua-l/2022-05/msg00035.html https://lua-users.org/lists/lua-l/2022-05/msg00042.html https://lua-users.org/lists/lua-l/2022-05/msg00073.html https://www.lua.org/ • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 3CVE-2022-28805 – lua: heap buffer overread
https://notcve.org/view.php?id=CVE-2022-28805
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. singlevar en lparser.c en Lua desde (incluyendo) 5.4.0 hasta (excluyendo) 5.4.4 carece de una determinada llamada a luaK_exp2anyregup, lo que lleva a una sobrelectura del búfer basada en la pila que podría afectar a un sistema que compila código Lua no fiable A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity. • https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA https://lua-users.org/lists/lua-l/2022-02/msg00001.html https://lua-users.org/lists/lua-l/2022-02/msg00070.html https://lua-users.org/lists/lua-l/2022-04/msg00009.html https://security.gentoo.o • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 3CVE-2021-44964 – lua: use after free allows Sandbox Escape
https://notcve.org/view.php?id=CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. Un uso de memoria previamente liberada en el recolector de basura y en el finalizador de lgc.c en el intérprete de Lua versiones 5.4.0~5.4.3, permite a atacantes llevar a cabo un Escape del Sandbox por medio de un archivo de script diseñado A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script executed by the interpreter, to cause a use-after-free issue that may result in a sandbox escape. • http://lua-users.org/lists/lua-l/2021-11/msg00186.html http://lua-users.org/lists/lua-l/2021-12/msg00007.html http://lua-users.org/lists/lua-l/2021-12/msg00015.html http://lua-users.org/lists/lua-l/2021-12/msg00030.html https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability https://access.redhat.com/security/cve/CVE-2021-44964 https://bugzilla.redhat.com/show_bug.cgi?id=2064772 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44647
https://notcve.org/view.php?id=CVE-2021-44647
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. Lua versión v5.4.3 y superiores están afectados por SEGV por confusión de tipo en la función funcnamefromcode en ldebug.c que puede causar una denegación de servicio local • http://lua-users.org/lists/lua-l/2021-11/msg00195.html http://lua-users.org/lists/lua-l/2021-11/msg00204.html https://access.redhat.com/security/cve/cve-2021-44647 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F https://security.gentoo.org/glsa/202305-23 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •