PT-2020-15713 · Lua +1 · Lua +1
Name of the Vulnerable Software and Affected Versions: Lua version 5.4.0
Description: The issue is related to the interaction between barriers and the sweep phase in the lgc.c component of Lua, leading to a memory access violation involving collectgarbage.
Recommendations: For Lua version 5.4.0, ...
CVE-2020-24370
CVE-2020-24370 affects Lua via a negation overflow in ldebug.c, enabling a segmentation fault in getlocal and setlocal. Connected sources confirm this impacts Lua 5.4.0 and publicly documented mitigations include Lua 5.3 and Lua 5.4.x patches; advisories from Debian (DLA-2381-1 and DLA-3469-1) an...
CVE-2020-24370
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31)...
DEBIAN-CVE-2020-24342
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row...
CVE-2020-24342
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row...
Stack overflow
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row...
CVE-2020-24342
CVE-2020-24342 concerns Lua up to version 5.4.0 where a stack redzone cross is possible in luaO_pushvfstring because a protection mechanism incorrectly calls luaD_callnoyield twice in a row. The provided sources (NVD/NVD-based entries and related advisories) describe the issue's root cause as thi...
PT-2020-15693 · Lua · Lua
Name of the Vulnerable Software and Affected Versions: Lua versions prior to 5.4.1
Description: The issue allows a stack redzone cross in luaO_pushvfstring due to a protection mechanism wrongly calling luaD_callnoyield twice in a row.
Recommendations: For Lua versions prior to 5.4.1, update to...
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...
Remote code execution
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...
CVE-2020-13151
CVE-2020-13151 affects the Aerospike Community Edition, specifically versions around 4.9.0.5. The vulnerability allows an unauthenticated user to submit a crafted Lua UDF that can execute arbitrary OS commands via os.execute(), enabling remote command execution on all cluster nodes with the Aeros...
PT-2020-13356 · Aerospike · Aerospike Community Edition
Name of the Vulnerable Software and Affected Versions: Aerospike Community Edition version 4.9.0.5
Description: The issue allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. Although it attempts to restrict code executio...
CVE-2020-15945
A flaw was found in lua. A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...
luajit: out-of-bounds read because __gc handler frame traversal is mishandled
A flaw was found in luajit. An out-of-bounds read can occur due to a frame traversal being mishandled...