CVE search results

11 – 14 of 14 results

Detailed view

Sort by:

CVE-2020-24342

Medium priority

Ignored

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not in release	Not in release
lua50	—	Not in release	Not affected	Not affected

Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not in release	Not in release
lua50	—	Not in release	Not affected	Not affected

CVE-2020-15889

Low priority

Not affected

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	—	Not affected	Not affected
lua5.2	—	—	Not affected	Not affected
lua5.3	—	—	Not affected	Not affected
lua5.4	—	—	Not in release	Not in release
lua50	—	—	Not affected	Not affected

CVE-2020-15888

Low priority

Ignored

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not in release	Not in release
lua50	—	Not in release	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports

CVE-2020-24342

CVE-2020-15945

CVE-2020-15889

CVE-2020-15888