3324 matches found
The vulnerability of the lua_resume component in the ldo.c script interpreter of Lua allows a hacker to cause a service failure.
The vulnerability of the lua_resume component in the ldo.c script interpreter of Lua is related to a buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
Azure Linux 3.0 Security Update: redis / valkey (CVE-2024-46981)
The version of redis / valkey installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46981 advisory. - Redis is an open source, in-memory database that persists on disk. An authenticated user may use a...
Azure Linux 3.0 Security Update: lua / nmap / ntopng (CVE-2022-33099)
The version of lua / nmap / ntopng installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-33099 advisory. - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow...
CVE-2021-43519 affecting package lua for versions less than 5.4.4-1
CVE-2021-43519 affecting package lua for versions less than 5.4.4-1. A patched version of the package is available...
CVE-2020-15945 affecting package lua for versions less than 5.4.0-1
CVE-2020-15945 affecting package lua for versions less than 5.4.0-1. A patched version of the package is available...
CVE-2022-28223
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...
CVE-2024-31446
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...
MGASA-2025-0033 Updated redis packages fix security vulnerabilities
Redis' Lua library commands may lead to remote code execution. CVE-2024-46981 Redis allows denial-of-service due to malformed ACL selectors. CVE-2024-51741...
Updated redis packages fix security vulnerabilities
Redis' Lua library commands may lead to remote code execution. CVE-2024-46981 Redis allows denial-of-service due to malformed ACL selectors. CVE-2024-51741...
ROS-20250203-11
A vulnerability in the lua_upvaluejoin function in lapi.c of the Lua script interpreter is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the lua_resume ldo.c component of the Lua...
ROS-20250203-12
A vulnerability in the ldebug.c component of the Lua script interpreter involves an integer loss of significance. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Advisory ROSA-SA-2025-2620
software: lua 5.3.6 WASP: ROSA-CHROME packageevrstring: lua-5.3.6-1 CVE-ID: CVE-2020-15945 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Lua: Vulnerability segmentation fault due to incorrect update of oldpc value during function control return. CVE-STATUS: Vulnerability resolved CVE-REV: To close the...
Important: Red Hat Security Advisory: redis:7 security update
An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: redis:6 security update
An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...
redis: Redis' Lua library commands may lead to remote code execution
A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution...
Important: Red Hat Security Advisory: redis security update
An update for redis is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
redis: Lua library commands may lead to stack overflow and RCE in Redis
A flaw was found in Redis. This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...
redis: heap overflow in the lua cjson and cmsgpack libraries
A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote co...