Description
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.
Report
OpenShift ServiceMesh (OSSM) does package a vulnerable version of luajit. However, a potential attacker would require enough privileges to be able to influence the envoy configuration to modify the lua rules in order to cause the out-of-bounds (OOB) read. Hence for OSSM the impact is low.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh-proxy | Affected | | |
Additional information
Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1870306 luajit: out-of-bounds read in lj_err_run function in lj_err.c
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 5 years ago
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.
CVSS3: 7.5
nvd
more than 5 years ago
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.
CVSS3: 7.5
debian
more than 5 years ago
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...
CVSS3: 7.5
github
more than 3 years ago
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.