Stack Overflow Vulnerability in Lua Interpreter Affecting Multiple Versions
CVE-2021-43519

5.5 MEDIUM

Key Information:

Vendor

Lua

Status
Vendor
CVE Published:
9 November 2021

What is CVE-2021-43519?

A stack overflow vulnerability exists in the lua_resume function of ldo.c in the Lua Interpreter. This vulnerability allows attackers to craft specific script files that can lead to a Denial of Service condition, potentially disrupting the normal operation of applications using vulnerable versions of Lua. Users are advised to review their usage of affected Lua Interpreter versions and consider upgrading to mitigate this risk.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
