Stack Redzone Cross Vulnerability in Lua Product by Lua
CVE-2020-24342

7.8HIGH

Key Information:

Vendor

Lua

Status
Lua
Vendor
CVE Published:
13 August 2020

What is CVE-2020-24342?

A stack redzone cross vulnerability was discovered in Lua versions up to 5.4.0, which arises from a flaw in the protection mechanism. This vulnerability allows the improper calling of luaD_callnoyield consecutively, potentially leading to security implications. Developers and users are advised to review their Lua installations and apply necessary updates to mitigate any risks.

References

http://lua-users.org/lists/lua-l/2020-07/msg00052.html
x_refsource_MISC
https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.