Lua 5.4.2

CPE Details

Lua 5.4.2
lua
lua
5.4.2
2021-06-16
16h48 +00:00
2021-06-21
10h31 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lua:lua:5.4.2:*:*:*:*:*:*:*

Informations

Vendor

lua

Product

lua

Version

5.4.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-33099 2022-07-01 09h26 +00:00 An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
7.5
High
CVE-2022-28805 2022-04-07 22h00 +00:00 singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
9.1
Critical
CVE-2021-44964 2022-03-14 13h24 +00:00 Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
6.3
Medium
CVE-2021-43519 2021-11-09 11h26 +00:00 Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
5.5
Medium
CVE-2021-32921 2021-05-13 13h14 +00:00 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.
5.9
Medium