Описание
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from EXTRA_STACK. Some errors can recur such as a string overflow while creating an error message in 'luaG_runerror', or a C-stack overflow before calling the message handler, causing a crash that leads to a denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | lua | Not affected | ||
| Red Hat Enterprise Linux 7 | lua | Not affected | ||
| Red Hat Enterprise Linux 8 | libreoffice:flatpak/lua | Not affected | ||
| Red Hat Enterprise Linux 8 | lua | Not affected | ||
| Red Hat JBoss Core Services | lua | Not affected | ||
| Red Hat Enterprise Linux 9 | lua | Fixed | RHSA-2022:7329 | 02.11.2022 |
| Red Hat Enterprise Linux 9 | lua | Fixed | RHSA-2022:7329 | 02.11.2022 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
An issue in the component luaG_runerror of Lua v5.4.4 and below leads ...
6.5 Medium
CVSS3