Описание
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Отчет
The affected code was introduced via https://github.com/lua/lua/commit/f5f3df3bd17fb3489bbd26ab39fe1580a8dbf9c9 which is part of lua-5.4. Therefore versions of lua package shipped with Red Hat products is not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | lua | Not affected | ||
| Red Hat Enterprise Linux 7 | lua | Not affected | ||
| Red Hat Enterprise Linux 8 | lua | Not affected | ||
| Red Hat Enterprise Linux 9 | lua | Not affected |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngco ...
Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
8.1 High
CVSS3