ALT Linux Team

Package lua5.4 update in sisyphus_e2k on 2024-03-20

ALT-PU-2024-4291-1

Package lua5.4 updated to version 5.4.6-alt1 for branch sisyphus_e2k.

Closed vulnerabilities

Published: 2022-02-15

BDU:2022-04620

Уязвимость реализации функции singlevar() интерпретатора скриптов Lua, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2022-04-08
Modified: 2024-11-21

CVE-2022-28805

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2022-07-01
Modified: 2024-11-21

CVE-2022-33099

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top