CVE-2021-44964
Summary
| CVE | CVE-2021-44964 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-14 15:15:00 UTC |
| Updated | 2022-03-21 05:17:00 UTC |
| Description | Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. |
Risk And Classification
Problem Types: CWE-416
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit | MISC | lua-users.org | |
| Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit | MISC | lua-users.org | |
| GitHub - Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability | MISC | github.com | |
| Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit | MISC | lua-users.org | |
| Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit | MISC | lua-users.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160489 Oracle Enterprise Linux Security Update for lua (ELSA-2023-0957)
- 184941 Debian Security Update for lua5.4 (CVE-2021-44964)
- 241222 Red Hat Update for lua (RHSA-2023:0957)
- 241261 Red Hat Update for lua (RHSA-2023:1211)
- 901037 Common Base Linux Mariner (CBL-Mariner) Security Update for lua (9048)
- 906948 Common Base Linux Mariner (CBL-Mariner) Security Update for lua (9048-1)
- 940945 AlmaLinux Security Update for lua (ALSA-2023:0957)
- 960895 Rocky Linux Security Update for lua (RLSA-2023:0957)