3324 matches found
UBUNTU-CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...
PT-2023-12563 · Lua +1 · Lua +1
Name of the Vulnerable Software and Affected Versions: Lua version 5.4.3. Description: The issue is related to an erroneous finalizer called during a tail call, leading to a heap-based buffer over-read in Lua 5.4.3. Recommendations: For Lua version 5.4.3, at the moment, there is no information abo...
CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...
CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...
CVE-2021-45985
CVE-2021-45985 affects Lua 5.4.3 where an erroneous finalizer during a tail call can cause a heap-based buffer over-read, leading to potential denial of service. Public docs in connected sources confirm the vulnerable component (Lua 5.4.3) and the heap over-read impact, but do not provide explici...
CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...
CVE-2021-45985
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...
Lua Buffer Error Vulnerability
Lua is a lightweight, extensible open source scripting language from the LUA team. A security vulnerability exists in Lua version 5.4.3, which stems from a faulty terminator during a tail call that can lead to an over-read of a heap-based buffer...
lua security update
An update is available for lua. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The lua packages provide support for Lua, a powerful light-weight programming...
RLSA-2023:0957 Moderate: lua security update
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: use after free allows Sandbox Escape (CVE-2021-44964); lua: stack overflow in...
Rocky Linux 9 : lua (RLSA-2023:0957)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0957 advisory. - Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file...
CVE-2023-27492
A flaw was found in Envoy. This issue may allow attackers to send large request bodies for routes that have the Lua filter enabled, which will trigger a crash...
CVE-2023-27496 Envoy may crash when a redirect url without a state param is received in the oauth filter
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending it a request with t...
CVE-2023-27492
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger...
Design/Logic Flaw
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger...
CVE-2023-27492
CVE-2023-27492 describes a denial-of-service in Envoy’s Lua filter prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, triggered by large request bodies on routes with Lua enabled. The issue arises from the Lua coroutine being invoked even when the filter has been reset, leading to cras...
CVE-2023-27492 Envoy may crash when a large request body is processed in Lua filter
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger...
CVE-2023-27492 Envoy may crash when a large request body is processed in Lua filter
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger...
CVE-2023-27492 Envoy may crash when a large request body is processed in Lua filter
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger...
Envoy Security Vulnerability
Envoy is an open source distributed proxy server. Lua is a lightweight, extensible open source scripting language from the LUA team. A security vulnerability exists in Envoy that stems from the vulnerability of Lua filters to denial-of-service attacks...