rpm package
almalinux/lua-libs
pkg:rpm/almalinux/lua-libs
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-33099 | — | | | < 5.4.2-4.el9_0.3 | 5.4.2-4.el9_0.3 | Jul 1, 2022 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. |
| CVE-2022-28805 | — | | | < 5.4.4-3.el9 | 5.4.4-3.el9 | Apr 8, 2022 | singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. |
| CVE-2021-44964 | — | | | < 5.4.4-2.el9_1 | 5.4.4-2.el9_1 | Mar 14, 2022 | Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. |
| CVE-2021-43519 | — | | | < 5.4.4-2.el9_1 | 5.4.4-2.el9_1 | Nov 9, 2021 | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. |
| CVE-2020-24370 | — | | | < 5.3.4-12.el8 | 5.3.4-12.el8 | Aug 17, 2020 | ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). |