CVE-2020-24369

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference...

CVE-2020-24371

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage...

CVE-2020-24371

OpenSUSE/SUSE advisories confirm CVE-2020-24371 affects lua53 (Lua 5.3.x branch) in openSUSE Leap 15.3. Root cause: lgc.c mishandling the interaction between barriers and the sweep phase causes a memory access violation in collectgarbage. Upgrade Lua to version 5.3.6 as part of the openSUSE-SU-20...

CVE-2020-24371

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage...

PT-2020-15713 · Lua +1 · Lua +1

Name of the Vulnerable Software and Affected Versions: Lua version 5.4.0 Description: The issue is related to the interaction between barriers and the sweep phase in the lgc.c component of Lua, leading to a memory access violation involving collectgarbage. Recommendations: For Lua version 5.4.0, ...

CVE-2020-24370

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31...

PT-2020-15712 · Lua · Lua

Name of the Vulnerable Software and Affected Versions: Lua version 5.4.0 Description: The issue arises in the ldebug.c file of Lua 5.4.0, where it attempts to access debug information via the line hook of a stripped function. This results in a NULL pointer dereference. Recommendations: For Lua...

Lua Buffer Overflow Vulnerability

Lua is a lightweight, extensible open source scripting language from the Lua team. A buffer overflow vulnerability exists in luaOpushvfstring in Lua 5.4.0 and earlier versions, which originates when a networked system or product performs an operation in memory without properly validating the data...

CVE-2020-24370

CVE-2020-24370 affects Lua via a negation overflow in ldebug.c, enabling a segmentation fault in getlocal and setlocal. Connected sources confirm this impacts Lua 5.4.0 and publicly documented mitigations include Lua 5.3 and Lua 5.4.x patches; advisories from Debian (DLA-2381-1 and DLA-3469-1) an...

CVE-2020-24370

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31...

CVE-2020-24342

Lua through 5.4.0 allows a stack redzone cross in luaOpushvfstring because a protection mechanism wrongly calls luaDcallnoyield twice in a row...

DEBIAN-CVE-2020-24342

Lua through 5.4.0 allows a stack redzone cross in luaOpushvfstring because a protection mechanism wrongly calls luaDcallnoyield twice in a row...

CVE-2020-24342

Lua through 5.4.0 allows a stack redzone cross in luaOpushvfstring because a protection mechanism wrongly calls luaDcallnoyield twice in a row...

Stack overflow

Lua through 5.4.0 allows a stack redzone cross in luaOpushvfstring because a protection mechanism wrongly calls luaDcallnoyield twice in a row...

CVE-2020-24342

Lua through 5.4.0 allows a stack redzone cross in luaOpushvfstring because a protection mechanism wrongly calls luaDcallnoyield twice in a row...

CVE-2020-24342

Lua through 5.4.0 allows a stack redzone cross in luaOpushvfstring because a protection mechanism wrongly calls luaDcallnoyield twice in a row...

CVE-2020-24342

CVE-2020-24342 concerns Lua up to version 5.4.0 where a stack redzone cross is possible in luaO_pushvfstring because a protection mechanism incorrectly calls luaD_callnoyield twice in a row. The provided sources (NVD/NVD-based entries and related advisories) describe the issue's root cause as thi...

CVE-2020-24342

Lua through 5.4.0 allows a stack redzone cross in luaOpushvfstring because a protection mechanism wrongly calls luaDcallnoyield twice in a row...

PT-2020-15693 · Lua · Lua

Name of the Vulnerable Software and Affected Versions: Lua versions prior to 5.4.1 Description: The issue allows a stack redzone cross in luaO pushvfstring due to a protection mechanism wrongly calling luaD callnoyield twice in a row. Recommendations: For Lua versions prior to 5.4.1, update to...

CVE-2020-13151

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions UDFs, written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...