CVE-2020-15888

EUVD-2020-7862
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
lualua
5.4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lua5.4
bookworm
5.4.4-3+deb12u1
fixed
bullseye
5.4.2-2
fixed
sid
5.4.6-3
fixed
trixie
5.4.6-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lua5.1
bionic
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
not-affected
xenial
not-affected
lua5.2
bionic
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
not-affected
xenial
not-affected
lua5.3
bionic
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
dne
xenial
not-affected
lua5.4
bionic
dne
focal
dne
groovy
ignored
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
dne
xenial
dne
lua50
bionic
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
dne
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
http://lua-users.org/lists/lua-l/2020-07/msg00053.html
http://lua-users.org/lists/lua-l/2020-07/msg00054.html
http://lua-users.org/lists/lua-l/2020-07/msg00071.html
http://lua-users.org/lists/lua-l/2020-07/msg00079.html
https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
http://lua-users.org/lists/lua-l/2020-07/msg00053.html
http://lua-users.org/lists/lua-l/2020-07/msg00054.html
http://lua-users.org/lists/lua-l/2020-07/msg00071.html
http://lua-users.org/lists/lua-l/2020-07/msg00079.html
https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5