Lucene search

UbuntuUSN-6916-1

HistoryJul 29, 2024 - 12:00 a.m.

Lua vulnerabilities

2024-07-2900:00:00

ubuntu.com

lua programming language

ubuntu 22.04 lts

code generation

denial of service

arbitrary code execution

cve-2022-28805

cve-2022-33099

c stack overflow

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.8

Confidence

Low

JSON

Releases

Ubuntu 22.04 LTS

Packages

lua5.4 - Simple, extensible, embeddable programming language

Details

It was discovered that Lua did not properly generate code when “_ENV” is
constant. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary unstrusted lua code. (CVE-2022-28805)

It was discovered that Lua did not properly handle C stack overflows during
error handling. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-33099)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchlua5.4< 5.4.4-1ubuntu0.1~esm1UNKNOWN
Ubuntu22.04noarchliblua5.4-0< 5.4.4-1UNKNOWN
Ubuntu22.04noarchliblua5.4-0-dbg< 5.4.4-1UNKNOWN
Ubuntu22.04noarchliblua5.4-dev< 5.4.4-1UNKNOWN
Ubuntu22.04noarchlua5.4< 5.4.4-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.04	noarch	lua5.4	< 5.4.4-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	22.04	noarch	liblua5.4-0	< 5.4.4-1	UNKNOWN
Ubuntu	22.04	noarch	liblua5.4-0-dbg	< 5.4.4-1	UNKNOWN
Ubuntu	22.04	noarch	liblua5.4-dev	< 5.4.4-1	UNKNOWN
Ubuntu	22.04	noarch	lua5.4	< 5.4.4-1	UNKNOWN