Lua 5.3.5

CPE Details

Lua 5.3.5
lua
lua
5.3.5
2019-05-21
12h31 +00:00
2019-05-21
12h31 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lua:lua:5.3.5:*:*:*:*:*:*:*

Informations

Vendor

lua

Product

lua

Version

5.3.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-32921 2021-05-13 13h14 +00:00 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.
5.9
Medium
CVE-2020-24370 2020-08-16 22h00 +00:00 ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
5.3
Medium
CVE-2020-15945 2020-07-24 20h05 +00:00 Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
5.5
Medium
CVE-2019-6706 2019-01-22 23h00 +00:00 Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
7.5
High