CVE-2020-24342

Опубликовано: 06 июл. 2020

Источник: redhat

CVSS3: 7.8

Описание

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.

Отчет

The versions of lua shipped in Red Hat Enterprise Linux 6, 7 and 8 are not affected by this issue : versions of lua prior to 5.4.0 had a different C-stack overflow control, which did not trigger this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	lua	Not affected
Red Hat Enterprise Linux 7	lua	Not affected
Red Hat Enterprise Linux 8	lua	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=1873084lua: buffer overflow in luaO_pushvfstring

7.8 High

CVSS3

Связанные уязвимости

CVE-2020-24342

CVSS3: 7.8

ubuntu

больше 5 лет назад

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.

CVE-2020-24342

CVSS3: 7.8

nvd

больше 5 лет назад

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.

CVE-2020-24342

CVSS3: 7.8

msrc

больше 5 лет назад

Описание отсутствует

CVE-2020-24342

CVSS3: 7.8

debian

больше 5 лет назад

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...

GHSA-ggfm-9pxx-qx8r

github

больше 3 лет назад

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.

7.8 High

CVSS3