Unrated severity · NVD Advisory · Published Apr 8, 2022 · Updated Aug 3, 2024
CVE-2022-28805
Description
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Affected products
14 products
- osv-coords (12 versions):
  - pkg:apk/chainguard/lua5.4
  - pkg:apk/chainguard/lua5.4-dev
  - pkg:apk/chainguard/lua5.4-doc
  - pkg:apk/chainguard/lua5.4-libs
  - pkg:apk/wolfi/lua5.4
  - pkg:apk/wolfi/lua5.4-dev
  - pkg:apk/wolfi/lua5.4-doc
  - pkg:apk/wolfi/lua5.4-libs
  - pkg:bitnami/lua
  - pkg:rpm/almalinux/lua
  - pkg:rpm/almalinux/lua-devel
  - pkg:rpm/almalinux/lua-libs
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: < 0
- (no CPE) range: >= 5.4.0, < 5.4.5
- (no CPE) range: < 5.4.4-3.el9
- (no CPE) range: < 5.4.4-3.el9
- (no CPE) range: < 5.4.4-3.el9
References
7 references
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/ (mitre, vendor-advisory)
- security.gentoo.org/glsa/202305-23 (mitre, vendor-advisory)
- github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa (mitre)
- lua-users.org/lists/lua-l/2022-02/msg00001.html (mitre)
- lua-users.org/lists/lua-l/2022-02/msg00070.html (mitre)
- lua-users.org/lists/lua-l/2022-04/msg00009.html (mitre)