CVE-2021-45985 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Affected Products (NVD)

Vendor	Product	Version
lua	lua	5.4.0 ≤ 𝑥 < 5.4.4

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

21H2 (arm64, x64, x86)	KB5044273
22H2 (arm64, x64, x86)	KB5044273

Windows 11

22H2 (arm64, x64)	KB5044285
23H2 (arm64, x64)	KB5044285
24H2 (arm64, x64)	KB5050009

Windows Server 2022

23H2 Server Core	KB5044288
Server Core	KB5044281
Standard	KB5044281

Windows Server 2025

Server Core	KB5050009
Standard	KB5050009

Debian Releases

Debian Product

Codename

lua5.1

bookworm	5.1.5-9 fixed
bullseye	5.1.5-8.1 no-dsa
sid	5.1.5-9 fixed
trixie	5.1.5-9 fixed

lua5.2

bookworm	5.2.4-3 fixed
bullseye	5.2.4-1.1 no-dsa
sid	5.2.4-3 fixed
trixie	5.2.4-3 fixed

lua5.3

bookworm	5.3.6-2 fixed
bullseye	5.3.3-1.1+deb11u1 no-dsa
sid	5.3.6-2 fixed
trixie	5.3.6-2 fixed

lua5.4

bookworm	5.4.4-3+deb12u1 fixed
bullseye	no-dsa
sid	5.4.6-3 fixed
trixie	5.4.6-3 fixed

lua50

bullseye

5.0.3-8.1

fixed

Ubuntu Releases

Ubuntu Product

Codename

darktable

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	ignored
xenial	needs-triage

lua5.1

bionic	not-affected
focal	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	not-affected
xenial	not-affected

lua5.2

bionic	not-affected
focal	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	not-affected
xenial	not-affected

lua5.3

bionic	not-affected
focal	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	ignored
xenial	not-affected

lua5.4

bionic	dne
focal	dne
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	ignored
xenial	dne

lua50

bionic	not-affected
focal	not-affected
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	ignored
xenial	not-affected

memcached

bionic	not-affected
focal	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	ignored
xenial	not-affected

tup

bionic	dne
focal	needs-triage
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	ignored
xenial	ignored

vifm

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	ignored
xenial	needs-triage

Known Exploits!

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

http://lua-users.org/lists/lua-l/2021-12/msg00019.html

https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5

https://www.lua.org/bugs.html#5.4.3-11

http://lua-users.org/lists/lua-l/2021-12/msg00019.html

https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5

https://www.lua.org/bugs.html#5.4.3-11