CVE-2020-15889

Опубликовано: 21 июл. 2020

Источник: debian

EPSS Низкий

Описание

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
lua5.4	fixed	5.4.0-2		package

Примечания

http://lua-users.org/lists/lua-l/2020-07/msg00078.html
https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
Introduced in 5.4

EPSS

Процентиль: 66%

0.0051

Низкий

Связанные уязвимости

CVE-2020-15889

CVSS3: 9.8

ubuntu

больше 5 лет назад

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

CVE-2020-15889

CVSS3: 8.1

redhat

больше 5 лет назад

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

CVE-2020-15889

CVSS3: 9.8

nvd

больше 5 лет назад

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

CVE-2020-15889

CVSS3: 9.8

msrc

больше 5 лет назад

Описание отсутствует

GHSA-j29r-h8wr-v5v8

github

больше 3 лет назад

Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

EPSS

Процентиль: 66%

0.0051

Низкий