lua

Description: Powerful lightweight programming language designed for extending applications
Version: 5.4.6-3 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2535 | 5.4.3-1 | 5.4.4-1 | Low | Fixed | |
| AVG-1207 | 5.4.0-2 | 5.4.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-43519 | AVG-2535 | Low | No | Denial of service | A stack overflow in lua_resume of ldo.c in the Lua Interpreter, versions 5.1.0 to 5.4.4, allows attackers to perform a denial of service via a crafted script file. |
| CVE-2020-15889 | AVG-1207 | High | Yes | Arbitrary code execution | Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. |
| CVE-2020-15888 | AVG-1207 | High | Yes | Arbitrary code execution | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 18 Oct 2020 | ASA-202010-5 | AVG-1207 | High | arbitrary code execution |