Memory Access Violation in Lua 5.4.0 Due to Barrier Interaction
CVE-2020-24371

5.3MEDIUM

Key Information:

Vendor: Lua
Status: Lua
Vendor: CVE Published:; 17 August 2020

What is CVE-2020-24371?

In Lua 5.4.0, a flaw in the lgc.c file results in improper handling of barriers during the garbage collection process. This mishandling can lead to a memory access violation, potentially allowing for unexpected behaviors in applications relying on this version. Such vulnerabilities can undermine the stability and security of software utilizing Lua, warranting immediate attention and remediation.

References

https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325...

x_refsource_MISC

https://www.lua.org/bugs.html#5.4.0-10

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2020
Vulnerability Reserved
Aug 17, 2020