UBUNTU-CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
SUSE-SU-2022:0065-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943). - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua (bsc#1193942)...
AZL-9317 CVE-2021-44647 affecting package lua for versions less than 5.4.3-3
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service...
Lua Security Vulnerability
Lua is a lightweight, extensible open source scripting language from the Lua team. Lua 5.4.4 and 5.4.2 have a security vulnerability that stems from a type confusion in the funcnamefromcode function in ldebug.c, which can be exploited by an attacker to cause a local denial of...
Debian: Security Advisory (DSA-4750-1)
The remote host is missing an update for the Debian...
Lua Code Problems Vulnerabilities
Lua is a lightweight, extensible open source scripting language from the Lua team. A code issue vulnerability exists in the ldebug.c file in Lua version 5.4.0. The vulnerability stems from an improperly designed or implemented code development process for a networked system or product. No detaile...
AZL-41149 CVE-2020-24370 affecting package lua for versions less than 5.4.6-1
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31)...
DEBIAN-CVE-2020-24370
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31)...
CVE-2020-24342
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row...
CVE-2020-15945
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
AZL-6671 CVE-2020-15945 affecting package lua for versions less than 5.4.3-1
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
PT-2020-14728 · Lua +1 · Lua +1
Name of the Vulnerable Software and Affected Versions: Lua versions prior to 5.4.1 Description: The issue is related to a segmentation fault in the changedline function in ldebug.c, which can be triggered when luaG_traceexec is called. This occurs because the code incorrectly assumes that the old...
DEBIAN-CVE-2020-15888
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free...
Ubuntu 16.04 LTS / 18.04 LTS : Lua vulnerability (USN-3941-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3941-1 advisory. Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. Tenable h...
AZL-6669 CVE-2019-6706 affecting package lua for versions less than 5.3.5-11
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships...
TP-Link Archer C9(UN) Arbitrary Password Reset Vulnerability
TP-Link Archer C9(UN) is a wireless router product from China P&L TP-LINK. A security vulnerability exists in the passwd_recovery.lua file in the TP-Link Archer C9(UN) version V2_160517. An attacker can exploit the vulnerability to reset the administrator password...
Ubuntu 14.04 LTS : Lua vulnerability (USN-2338-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2338-1 advisory. It was discovered that Lua incorrectly handled certain vararg functions with a large number of fixed parameters. An attacker could use this issue to cause Lua...
PT-2014-1807 · Lua +2 · Lua +2
Name of the Vulnerable Software and Affected Versions: Lua versions 5.1 through 5.2.x before 5.2.3 Description: The issue is caused by a buffer overflow in the vararg functions in ldo.c, allowing context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a...
DEBIAN-CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...