Unrated severityNVD Advisory· Published Jul 21, 2020· Updated Aug 4, 2024
CVE-2020-15888
CVE-2020-15888
Description
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Lua/Luadescription
- osv-coords2 versions
>= 5.4.0, < 5.4.1+ 1 more
- (no CPE)range: >= 5.4.0, < 5.4.1
- (no CPE)range: < 5.5.0~beta1-1.1
Patches
Vulnerability mechanics
References
6- lua-users.org/lists/lua-l/2020-07/msg00053.htmlmitrex_refsource_MISC
- lua-users.org/lists/lua-l/2020-07/msg00054.htmlmitrex_refsource_MISC
- lua-users.org/lists/lua-l/2020-07/msg00071.htmlmitrex_refsource_MISC
- lua-users.org/lists/lua-l/2020-07/msg00079.htmlmitrex_refsource_MISC
- github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7mitrex_refsource_MISC
- github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.