Lua@* Security Vulnerabilities and Issues — Lua@* CVE List

Lucene search

LuaLua*

6 matches found

CVE•added 2020/07/24 9:15 p.m.•214 views

CVE-2020-15945

Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.

5.5CVSS5.6AI score0.00115EPSS

CVE•added 2022/07/01 12:15 p.m.•203 views

CVE-2022-33099

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

7.5CVSS7.4AI score0.00236EPSS

CVE•added 2023/04/10 9:15 a.m.•149 views

CVE-2021-45985

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

7.5CVSS7.3AI score0.0021EPSS

CVE•added 2022/04/08 6:15 a.m.•145 views

CVE-2022-28805

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

9.1CVSS9AI score0.00125EPSS

CVE•added 2021/11/09 1:15 p.m.•124 views

CVE-2021-43519

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

5.5CVSS5.5AI score0.00061EPSS

CVE•added 2022/03/14 3:15 p.m.•107 views

CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

6.3CVSS6.5AI score0.00126EPSS