23 matches found
MiracleLinux 9 : lua-5.4.4-3.el9 (AXSA:2023-5344:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5344:03 advisory. lua: heap buffer overread CVE-2022-28805 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...
Linux Distros Unpatched Vulnerability : CVE-2022-28805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that...
Ubuntu 22.04 LTS : Lua vulnerabilities (USN-6916-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6916-1 advisory. It was discovered that Lua did not properly generate code when ENV is constant. An attacker could possibly use this issue to cause a denial of service or...
Ubuntu: Security Advisory (USN-6916-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6916-1: Lua vulnerabilities
It was discovered that Lua did not properly generate code when "ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary unstrusted lua code. CVE-2022-28805 It was discovered that Lua did not properly handle C stack overflows during error...
CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3
CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3. A patched version of the package is available...
CVE-2022-28805 affecting package lua for versions less than 5.4.4-2
CVE-2022-28805 affecting package lua for versions less than 5.4.4-2. A patched version of the package is available...
CentOS 9 : lua-5.4.4-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the lua-5.4.4-3.el9 build changelog. - singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-re...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to arbitrary code execution due to [CVE-2022-28805]
Summary Lua is not used directly by IBM App Connect Enterprise Certified Container at runtime, but is present in the Dashboard operand images. Lua is vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Lua. CVE-2022-28805...
lua security update
5.4.4-3 - Apply upstream patch for CVE-2022-28805...
AlmaLinux 9 : lua (ALSA-2023:2582)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2582 advisory. - singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that mig...
Low: Red Hat Security Advisory: lua security update
An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
Low: lua security update
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overread CVE-2022-28805 For more details about the security issues,...
ALSA-2023:2582 Low: lua security update
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overread CVE-2022-28805 For more details about the security issues,...
CBL Mariner 2.0 Security Update: lua (CVE-2022-28805)
The version of lua installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28805 advisory. - singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call,...
CVE-2022-28805 affecting package lua for versions less than 5.4.3-2
CVE-2022-28805 affecting package lua for versions less than 5.4.3-2. A patched version of the package is available...
CVE-2022-28805 affecting package lua 5.3.5-8
CVE-2022-28805 affecting package lua 5.3.5-8. A patched version of the package is available...
CVE-2022-28805
singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...
CVE-2022-28805
singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...
CVE-2022-28805
singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...