Search CVE reports

1 – 10 of 14 results

Detailed view

Sort by:

CVE-2021-45985

Medium priority

Needs evaluation

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

9 affected packages

darktable, lua5.1, lua5.2, lua5.3, lua5.4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Not affected	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected
memcached	Not affected	Not affected	Not affected	Not affected	Not affected
tup	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Ignored
vifm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-33099

Low priority

Some fixes available 1 of 6

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Fixed	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected

CVE-2022-28805

Medium priority

Some fixes available 1 of 5

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Fixed	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected

CVE-2021-44964

Medium priority

Needs evaluation

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Needs evaluation
lua5.3	Not affected	Not affected	Not affected	Not affected	Needs evaluation
lua5.4	Not affected	Not affected	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-44647

Medium priority

Ignored

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not in release	Not in release	Not in release
lua50	—	Not in release	Not affected	Not affected	Not affected

CVE-2021-43519

Low priority

Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ardour	Not affected	Not affected	Not affected	Not affected	Not affected
bam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blobby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ceph	Not affected	Not affected	Not affected	Not affected	Not affected
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
eja	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
emscripten	Needs evaluation	Needs evaluation	—	Needs evaluation	Needs evaluation
enigma	Not affected	Not affected	Not affected	Not affected	Not affected
freeciv	Not affected	Not affected	Not affected	Not affected	Not affected
freedroidrpg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
fs-uae	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golly	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
goxel	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
gtk2-engines	Not affected	Not affected	Not affected	Not affected	Not affected
haskell-hslua	Not affected	Not affected	Not affected	Not affected	Not affected
hedgewars	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Not affected	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected
luajit	Not affected	Not affected	Not affected	Not affected	Not affected
mame	Not affected	Not affected	Not affected	Not affected	Not affected
naev	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
openscenegraph	Not affected	Not affected	Not affected	Not affected	Not affected
redis	Not affected	Not affected	Not affected	Not affected	Not affected
rust-lua52-sys	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
scite	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scorched3d	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scummvm	Not affected	Not affected	Not affected	Not affected	Not affected
spring	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux-legacy	Not in release	Not in release	Not affected	Not affected	Not affected
tagua	Not affected	Not affected	Not affected	Not affected	Not affected
tarantool	Needs evaluation	Needs evaluation	Needs evaluation	—	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tup	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
ufoai	Not affected	Not affected	Not affected	Not affected	Not affected
vifm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wcc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
wesnoth	—	—	—	—	Ignored
widelands	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmoto	Not affected	Not affected	Not affected	Not affected	Not affected
zfs-linux	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2020-24371

Medium priority

Ignored

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not in release	Not in release	Not in release
lua50	—	Not in release	Not affected	Not affected	Not affected

CVE-2020-24370

Medium priority

Ignored

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not in release	Not in release	Not in release
lua50	—	Not in release	Not affected	Not affected	Not affected

CVE-2020-24369

Medium priority

Ignored

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not in release	Not in release	Not in release
lua50	—	Not in release	Not affected	Not affected	Not affected

CVE-2020-24342

Medium priority

Ignored

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not in release	Not in release	Not in release
lua50	—	Not in release	Not affected	Not affected	Not affected

Export to JSON

Results by page: