Known Vulnerabilities for products from Lua
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Lua".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43519 | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a cr... | 5.5 - MEDIUM | 2021-11-09 | 2023-11-07 |
| CVE-2021-32921 | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret stri... | 5.9 - MEDIUM | 2021-05-13 | 2023-11-07 |
| CVE-2021-32918 | An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-servic... | 7.5 - HIGH | 2021-05-13 | 2023-11-07 |
| CVE-2020-24371 | lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation invo... | 5.3 - MEDIUM | 2020-08-17 | 2023-01-28 |
| CVE-2020-24370 | ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal... | 5.3 - MEDIUM | 2020-08-17 | 2023-11-07 |
| CVE-2020-24369 | ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointe... | 7.5 - HIGH | 2020-08-17 | 2020-08-24 |
| CVE-2020-24342 | Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoy... | 7.8 - HIGH | 2020-08-13 | 2023-11-07 |
| CVE-2020-15945 | Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorr... | 5.5 - MEDIUM | 2020-07-24 | 2023-04-20 |
| CVE-2020-15889 | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient numb... | 9.8 - CRITICAL | 2020-07-21 | 2020-12-23 |
| CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer ove... | 8.8 - HIGH | 2020-07-21 | 2023-05-16 |
| CVE-2019-6706 | Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker wh... | 7.5 - HIGH | 2019-01-23 | 2023-06-23 |
| CVE-2014-5461 | Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to ... | 5 - MEDIUM | 2014-09-04 | 2023-05-03 |
Known software with vulnerabilities from Lua
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Lua | Lua | - |