Lucene search
Ubuntu.comUB:CVE-2021-43519HistoryNov 09, 2021 - 12:00 a.m.
CVE-2021-43519
2021-11-0900:00:00
ubuntu.com
ubuntu.com
16
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows
attackers to perform a Denial of Service via a crafted script file.
Bugs
Notes
| Author | Note |
|---|---|
| eslerm | lua deprecated from grub on 2009-09-26 debian/grub-extras/lua/ not compiled-see debian/rules and GRUB_CONTRIB contrary to description, vulnerability appears to be introduced after 5.1 |
| leosilva | for ceph , that ships with lua, lua affected is 5.4 up, for focal it is using 5.3 , so not-affected. Also, code not found. |
| mdeslaur | SUSE bug says “this bug is only present in Lua 5.4.2 and 5.4.3” and the PoC crashing earlier versions may be unrelated to this CVE. Introduced in 5.4.2 by: https://github.com/lua/lua/commit/287b302acb8d925178e9edb800f0a8d18c7d35f6 Fixed in 5.4.4 by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | bam | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | bam | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | bam | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | bam | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | bam | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | bam | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | blobby | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | blobby | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | blobby | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | blobby | < any | UNKNOWN |
References
lua-users.org/lists/lua-l/2021-10/msg00123.html
lua-users.org/lists/lua-l/2021-11/msg00015.html
github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868
launchpad.net/bugs/cve/CVE-2021-43519
nvd.nist.gov/vuln/detail/CVE-2021-43519
security-tracker.debian.org/tracker/CVE-2021-43519
www.cve.org/CVERecord?id=CVE-2021-43519
Related
nessus
nessus
RHEL 7 : lua (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : lua (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 9 : lua (RHSA-2023:0957)
2023-02-28 00:00:00
redhatcve
redhatcve
CVE-2021-43519
2022-01-28 10:02:24
cve
cve
CVE-2021-43519
2021-11-09 13:15:00
openvas
openvas
Fedora: Security Advisory for lua (FEDORA-2022-e6b2bd5b50)
2022-02-08 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: lua-5.4.4-1.fc35
2022-02-08 01:13:10
[SECURITY] Fedora 34 Update: lua-5.4.4-1.fc34
2022-02-17 03:06:39
osv
osv
BIT-lua-2021-43519
2024-03-06 10:56:26
CVE-2021-43519
2021-11-09 13:15:08
Moderate: lua security update
2023-04-06 15:53:31
debiancve
debiancve
CVE-2021-43519
2021-11-09 13:15:00
prion
prion
Stack overflow
2021-11-09 13:15:00
veracode
veracode
Denial Of Service (DoS)
2022-02-09 05:05:56
cvelist
cvelist
CVE-2021-43519
2021-11-09 12:26:22
cbl_mariner
cbl_mariner
CVE-2021-43519 affecting package lua for versions less than 5.4.3-1
2022-04-09 06:51:52
rocky
rocky
lua security update
2023-04-06 15:53:31
almalinux
almalinux
Moderate: lua security update
2023-02-28 00:00:00
redhat
redhat
(RHSA-2023:1211) Moderate: lua security update
2023-03-14 13:19:06
(RHSA-2023:0957) Moderate: lua security update
2023-02-28 07:53:03
oraclelinux
oraclelinux
lua security update
2023-02-28 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0130
2021-11-29 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0130
2021-11-28 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0517
2023-11-20 00:00:00