QID 354526
Date Published: 2022-12-21
QID 354526: Amazon Linux Security Advisory for lua : ALAS2022-2022-176
A stack overflow issue was discovered in lua in the lua_resume() function of ldo.c.
This flaw allows a local attacker to pass a specially crafted file to the lua interpreter, causing a crash that leads to a denial of service. (
( CVE-2021-43519) a flaw was found in lua.
An segv crash in the funcnamefromcode() function in ldebug.c during error handling occurs in __close metamethods.
This flaw allows an attacker to cause a denial of service. (
( CVE-2021-44647) a heap buffer-overflow vulnerability was found in lua.
The flaw occurs due to vulnerable code present in the lparser.c function of lua that allows the execution of untrusted lua code into a system, resulting in malicious activity. (
( CVE-2022-28805) a vulnerability was found in lua.
During error handling, the luag_errormsg() component uses slots from extra_stack.
Some errors can recur such as a string overflow while creating an error message in luag_runerror, or a c-stack overflow before calling the message handler, causing a crash that leads to a denial of service. (
( CVE-2022-33099)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2022-2022-176 -
alas.aws.amazon.com/AL2022/ALAS-2022-176.html
CVEs related to QID 354526
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2022-2022-176 | amazon linux 2022 |
alas.aws.amazon.com/AL2022/ALAS-2022-176.html |