Segmentation Fault Vulnerability in Lua by Lua.org
CVE-2020-15945

5.5MEDIUM

Key Information:

Vendor: Lua
Status: Lua
Vendor: CVE Published:; 24 July 2020

What is CVE-2020-15945?

The Lua programming language, up to version 5.4.0, contains a segmentation fault vulnerability that occurs in the 'changedline' function located within 'ldebug.c'. During the execution of a function, the flow control does not properly update the 'oldpc' value, which can lead to unpredictable behavior or crashes. This vulnerability highlights the importance of correct state handling in control flow mechanics within programming languages, particularly for execution tracing mechanisms.

References

http://lua-users.org/lists/lua-l/2020-07/msg00123.html

https://github.com/lua/lua/commit/a2195644d89812e5b157ce7...

https://www.lua.org/bugs.html#5.4.0-8

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2020
Vulnerability Reserved
Jul 24, 2020