VYPR

apk package

wolfi/lua5.4-libs

pkg:apk/wolfi/lua5.4-libs

Vulnerabilities (2)

  • CVE-2022-28805Apr 8, 2022
    affected < 0fixed 0

    singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

  • CVE-2019-6706Jan 23, 2019
    affected < 0fixed 0

    Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.