singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-main | noarch | lua5.4 | < 5.4.4-r4 | UNKNOWN |
Alpine | 3.14-main | noarch | lua5.4 | < 5.4.3-r1 | UNKNOWN |
Alpine | 3.15-main | noarch | lua5.4 | < 5.4.3-r1 | UNKNOWN |
Alpine | 3.16-main | noarch | lua5.4 | < 5.4.4-r4 | UNKNOWN |
Alpine | 3.17-main | noarch | lua5.4 | < 5.4.4-r4 | UNKNOWN |
Alpine | 3.18-main | noarch | lua5.4 | < 5.4.4-r4 | UNKNOWN |
Alpine | 3.19-main | noarch | lua5.4 | < 5.4.4-r4 | UNKNOWN |