In LuaJIT through 2.0.5 as used in Moonjit before 2.1.2 and other products debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However not all users of later LuaJIT derivatives share this perspective

...

Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents

A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time JIT compiler for the Lua programming...

SUSE CVE-2019-19391

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner states that...

SUSE CVE-2020-24372

LuaJIT through 2.1.0-beta3 has an out-of-bounds read in ljerrrun in ljerr.c...

[SECURITY] Fedora 37 Update: knot-resolver-5.5.3-1.fc37

The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...

Malicious code in luajit-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 718bc56e7c32d3ab48a03462901c3da867a613c8367e983f81983b6df739286d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4417 Malicious code in luajit-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 718bc56e7c32d3ab48a03462901c3da867a613c8367e983f81983b6df739286d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in luajit-stdlib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45b78e7ade789bb8def418f760cb87a5ee7cc0bf5135ba824d6de5872ef369e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4418 Malicious code in luajit-stdlib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45b78e7ade789bb8def418f760cb87a5ee7cc0bf5135ba824d6de5872ef369e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Mageia: Security Advisory (MGASA-2020-0342)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Remote Code Execution (RCE)

luajit is vulnerable to remote code execution. The vulnerability exists due to a type confusion in debug.getinfo...

Advisory ROSA-SA-2021-1911

Software: luajit 2.0.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-24372 CVE-Crit: HIGH CVE-DESC: LuaJIT before 2.1.0-beta3 has out-of-range reads in ljerrrun in ljerr.c. CVE-STATUS: default CVE-REV: default...

Libinjection - SQL / SQLI Tokenizer Parser Analyzer

SQL / SQLI tokenizer parser analyzer. For C and C++ PHP Python Lua Java external port LuaJIT/FFI https://github.com/p0pr0ck5/lua-ffi-libinjection external port See https://www.client9.com/ for details and presentations. Simple example: fingerprint of '%s'\n", state.fingerprint; return issqli; "...

Out-of-Bounds Read

LuaJit is vulnerable to out-of-bounds read. This vulnerability existed because the gc handler frame traversal is mishandled...

Fedora: Security Advisory for knot-resolver (FEDORA-2020-52e28feab6)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 31 Update: knot-resolver-5.1.3-1.fc31

The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...

Ubuntu: Security Advisory (USN-4501-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4501-1: LuaJIT vulnerability

It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service application crash or possibly expose sensitive information. CVE-2020-15890...

USN-4501-1 luajit vulnerability

It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service application crash or possibly expose sensitive information. CVE-2020-15890...

Ubuntu 16.04 LTS : LuaJIT vulnerability (USN-4501-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4501-1 advisory. It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service application crash or possibly expose...