Lucene search

K

MitreCVELIST:CVE-2022-28805

HistoryApr 08, 2022 - 12:00 a.m.

CVE-2022-28805

2022-04-0800:00:00

mitre

www.cve.org

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

References

github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/

lua-users.org/lists/lua-l/2022-02/msg00001.html

lua-users.org/lists/lua-l/2022-02/msg00070.html

lua-users.org/lists/lua-l/2022-04/msg00009.html

security.gentoo.org/glsa/202305-23

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

Related for CVELIST:CVE-2022-28805

photon6 ibm1 nvd1 cbl_mariner3 nessus9 redhat7 osv3 debiancve1 almalinux1 redhatcve1 ubuntucve1 cve1 prion1 oraclelinux1 alpinelinux1 veracode1 openvas2 fedora2 gentoo1