CVE-2021-45985
Summary
| CVE | CVE-2021-45985 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-10 09:15:00 UTC |
| Updated | 2023-04-14 03:51:00 UTC |
| Description | In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Lua: bugs | MISC | www.lua.org | Vendor Advisory |
| Crash Analysis : Erroneous finalizer called during tail call leads to heap buffer overflow | MISC | lua-users.org | Exploit, Mailing List, Vendor Advisory |
| Bug: finalizers can be called with an invalid stack · lua/lua@cf613cd · GitHub | MISC | github.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 182015 Debian Security Update for lua5.4 (CVE-2021-45985)
- 357240 Amazon Linux Security Advisory for lua : ALAS2023-2024-533
- 673856 EulerOS Security Update for lua (EulerOS-SA-2023-2697)
- 674003 EulerOS Security Update for lua (EulerOS-SA-2023-2655)
- 906856 Common Base Linux Mariner (CBL-Mariner) Security Update for memcached (26155-1)
- 906859 Common Base Linux Mariner (CBL-Mariner) Security Update for ntopng (26158-1)
- 906876 Common Base Linux Mariner (CBL-Mariner) Security Update for lua (26047-1)