CVE-2022-33099
lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
Un problema en el componente luaG_runerror de Lua versiones v5.4.4 y posteriores, conlleva a un desbordamiento del bĂșfer de la pila cuando es producido un error recursivo
A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from EXTRA_STACK. Some errors can recur such as a string overflow while creating an error message in 'luaG_runerror', or a C-stack overflow before calling the message handler, causing a crash that leads to a denial of service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-13 CVE Reserved
- 2022-07-01 CVE Published
- 2024-02-20 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
| URL | Date | SRC |
|---|---|---|
| https://lua-users.org/lists/lua-l/2022-05/msg00035.html | 2024-08-03 | |
| https://lua-users.org/lists/lua-l/2022-05/msg00042.html | 2024-08-03 | |
| https://lua-users.org/lists/lua-l/2022-05/msg00073.html | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lua Search vendor "Lua" | Lua Search vendor "Lua" for product "Lua" | >= 5.4.2 <= 5.4.4 Search vendor "Lua" for product "Lua" and version " >= 5.4.2 <= 5.4.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||