lua
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | Powerful lightweight programming language designed for extending applications |
Version | 5.4.7-1 [extra] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2535 | 5.4.3-1 | 5.4.4-1 | Low | Fixed | |
AVG-1207 | 5.4.0-2 | 5.4.1-1 | High | Fixed |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-43519 | AVG-2535 | Low | No | Denial of service | A stack overflow in lua_resume of ldo.c in the Lua Interpreter, versions 5.1.0 to 5.4.4, allows attackers to perform a denial of service via a crafted script file. |
CVE-2020-15889 | AVG-1207 | High | Yes | Arbitrary code execution | Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. |
CVE-2020-15888 | AVG-1207 | High | Yes | Arbitrary code execution | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap- based buffer... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
18 Oct 2020 | ASA-202010-5 | AVG-1207 | High | arbitrary code execution |