CVE-2026-24827 affecting package lua for versions less than 5.4.4-2

CVE-2026-24827 affecting package lua for versions less than 5.4.4-2. A patched version of the package is available...

EUVD-2020-7916

Malware in sbrugna...

EUVD-2021-19640

Malware in sbrugna...

CVE-2025-26205

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2024-45597 Pluto's http.request allows CR and LF in header values

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...

CVE-2021-45985

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read...

SUSE CVE-2022-33099

An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...

AZL-41192 CVE-2022-33099 affecting package ntopng for versions less than 5.2.1-4

An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...

ALPINE-CVE-2022-28805

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

UBUNTU-CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

UBUNTU-CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

PT-2021-4058 · Lua +2 · Lua +2

Name of the Vulnerable Software and Affected Versions: Prosody versions prior to 0.11.9 Description: An issue in Prosody allows an attacker to potentially reveal the contents of secret strings through a timing attack. This is due to the use of a non-constant-time algorithm for comparing certain...

Lua Buffer Overflow Vulnerability

Lua is a lightweight, extensible open source scripting language from the Lua team. A buffer overflow vulnerability exists in luaOpushvfstring in Lua 5.4.0 and earlier versions, which originates when a networked system or product performs an operation in memory without properly validating the data...

MGASA-2015-0034 Updated freeciv packages fix a security vulnerability

Updated freeciv packages to latest bugfix version, also fixing security vulnerability Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with...

CVE-2014-5461

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service crash via a small number of arguments to a function with a large number of fixed arguments...