exploitDog

CVE-2021-45985

Published: 14 Jan 2025
Source: msrc
CVSS3: 5.5
EPSS: Low

Description

Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read

This CVE was assigned by Mitre. Some Microsoft products consume Lua open-source software. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability.

FAQ

Why is this GitHub CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Lua open-source software which is consumed by Microsoft Windows. It is being documented in the Security Update Guide to announce that the latest builds of Windows are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

Are there any additional steps that I need to follow to be protected from this vulnerability?

The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.

Updates

Product | Article | Update
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems

Exploitability

Publicly Disclosed: No

Exploited: No

Latest Software Release: Exploitation Less Likely

DOS: N/A

EPSS: 0.0021 (percentile: 44%, Low)

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 2 years ago

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

CVSS3: 7.5
redhat
about 2 years ago

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

CVSS3: 7.5
nvd
about 2 years ago

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

CVSS3: 7.5
debian
about 2 years ago

In Lua 5.4.3, an erroneous finalizer called during a tail call leads t ...

CVSS3: 7.5
github
about 2 years ago

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
