Known Vulnerabilities for products from Lua
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Lua".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-33099 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs... | 7.5 - HIGH | 2022-07-01 | 2023-11-07 |
| CVE-2022-28805 | singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading ... | 9.1 - CRITICAL | 2022-04-08 | 2023-11-07 |
| CVE-2021-45985 | In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. | 7.5 - HIGH | 2023-04-10 | 2023-04-14 |
| CVE-2021-44964 | Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox... | 6.3 - MEDIUM | 2022-03-14 | 2022-03-21 |
| CVE-2021-44647 | Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local ... | 5.5 - MEDIUM | 2022-01-11 | 2023-11-07 |
| CVE-2021-43519 | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a cr... | 5.5 - MEDIUM | 2021-11-09 | 2023-11-07 |
| CVE-2021-32921 | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret stri... | 5.9 - MEDIUM | 2021-05-13 | 2023-11-07 |
| CVE-2021-32918 | An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-servic... | 7.5 - HIGH | 2021-05-13 | 2023-11-07 |
| CVE-2020-24371 | lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation invo... | 5.3 - MEDIUM | 2020-08-17 | 2023-01-28 |
| CVE-2020-24370 | ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal... | 5.3 - MEDIUM | 2020-08-17 | 2023-11-07 |
| CVE-2020-24369 | ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointe... | 7.5 - HIGH | 2020-08-17 | 2020-08-24 |
| CVE-2020-24342 | Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoy... | 7.8 - HIGH | 2020-08-13 | 2023-11-07 |
| CVE-2020-15945 | Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorr... | 5.5 - MEDIUM | 2020-07-24 | 2023-04-20 |
| CVE-2020-15889 | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient numb... | 9.8 - CRITICAL | 2020-07-21 | 2020-12-23 |
| CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer ove... | 8.8 - HIGH | 2020-07-21 | 2023-05-16 |
| CVE-2019-6706 | Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker wh... | 7.5 - HIGH | 2019-01-23 | 2023-06-23 |
| CVE-2014-5461 | Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to ... | 5 - MEDIUM | 2014-09-04 | 2023-05-03 |
Known software with vulnerabilities from Lua
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Lua | Lua | - |