CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95 matches found

SUSE CVE•added 2023/02/15 3:36 a.m.•1 views

SUSE CVE-2021-43519

Stack overflow in luaresume of ldo.c in Lua Interpreter 5.1.05.4.4 allows attackers to perform a Denial of Service via a crafted script file...

3.3CVSS9.1AI score0.01136EPSS

Exploits1References3

Tenable Nessus•added 2022/11/04 12:0 a.m.•43 views

Amazon Linux 2022 : lua, lua-devel, lua-libs (ALAS2022-2022-176)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-176 advisory. A stack overflow issue was discovered in Lua in the luaresume function of ldo.c. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that...

9.1CVSS6.7AI score0.02836EPSS

Exploits4References9

BDU FSTEC•added 2022/07/26 12:0 a.m.•3 views

The vulnerability of the implementation of the singlevar() function in the Lua interpreter allows a hacker to execute arbitrary code.

The vulnerability of the singlevar function implementation in Lua interpreters is related to a buffer out-of-bound read error in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

9.4CVSS8.4AI score0.02836EPSS

Exploits1References7Affected Software2

CNVD•added 2022/03/28 12:0 a.m.•26 views

Lua Resource Management Error Vulnerability

Lua is a lightweight, extended open source scripting language from the Lua LUA team. Lua interpreter versions 5.4.0 through 5.4.3 are vulnerable to a resource management error, which can be exploited by attackers to execute Sandbox Escape via a specially crafted script file...

4.3CVSS6.3AI score0.01027EPSS

Exploits1Affected Software1

Microsoft CVE•added 2022/03/21 7:0 a.m.•3 views

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

...

6.3CVSS6.8AI score0.01027EPSS

Exploits1

RedhatCVE•added 2022/03/16 3:6 p.m.•37 views

CVE-2021-44964

A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script executed by the interpreter, to cause a use-after-free issue that may result in a sandbox escape. Mitigation Ensure that the Lua interpreter runs only trusted scripts...

7CVSS3.3AI score0.01027EPSS

Exploits1References5

OSV•added 2022/03/14 3:15 p.m.•3 views

AZL-60034 CVE-2021-44964 affecting package ntopng for versions less than 5.2.1-3

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

6.3CVSS6.8AI score0.01027EPSS

Exploits1References1

OSV•added 2022/03/14 3:15 p.m.•24 views

CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

6.3CVSS7.3AI score

Exploits0References5

NVD•added 2022/03/14 3:15 p.m.•18 views

CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

6.3CVSS0.01027EPSS

Exploits1References5

UbuntuCve•added 2022/03/14 3:15 p.m.•35 views

CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

6.3CVSS6.8AI score0.01027EPSS

Exploits1References6

OSV•added 2022/03/14 3:15 p.m.•0 views

UBUNTU-CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

6.3CVSS6.8AI score0.01027EPSS

Exploits1References7

Prion•added 2022/03/14 3:15 p.m.•31 views

Double free

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

4.3CVSS6.5AI score0.01027EPSS

Exploits1References5Affected Software1

CVE•added 2022/03/14 2:24 p.m.•129 views

CVE-2021-44964

CVE-2021-44964 affects Lua interpreter 5.4.0–5.4.3, where use-after-free in the garbage collector/finalizer (lgc.c) enables Sandbox Escape via a crafted script file. Multiple connected advisories confirm the issue and note that patched versions exist (e.g., Lua 5.4.4+; e.g., 5.4.4-1 or newer) and...

6.3CVSS6.5AI score0.01027EPSS

Exploits1References5Affected Software1

Cvelist•added 2022/03/14 2:24 p.m.•19 views

CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

6.9AI score0.01027EPSS

Exploits1References5