Description
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service.
Report
This vulnerability does not affect Red Hat Enterprise Linux 8, because the code base was completely rewritten between 5.3 and 5.4. So, RHEL-8 is unlikely to be affected by this or a similar issue. This flaw is marked as Out-of-Support-Scope for Red Hat Enterprise Linux 6 and 7 because the flaw impact is moderate. For additional information, refer to the Red Hat Enterprise Linux Life Cycle & Update Policy: https://access.redhat.com/support/policy/updates/errata/.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | lua | Out of support scope | | |
Red Hat Enterprise Linux 7 | lua | Out of support scope | | |
Red Hat Enterprise Linux 8 | libreoffice:flatpak/lua | Not affected | | |
Red Hat Enterprise Linux 8 | lua | Not affected | | |
Red Hat JBoss Core Services | lua | Not affected | | |
Red Hat Enterprise Linux 9 | lua | Fixed | RHSA-2023:0957 | 28.02.2023 |
Red Hat Enterprise Linux 9.0 Extended Update Support | lua | Fixed | RHSA-2023:1211 | 14.03.2023 |
Additional information
Status:
5.5 Medium
CVSS3