Type Confusion Vulnerability in Lua by Lua.org
CVE-2021-44647

5.5MEDIUM

Key Information:

Vendor: Lua
Status: Lua
Vendor: CVE Published:; 11 January 2022

What is CVE-2021-44647?

Lua versions 5.4.3 and later are subject to a type confusion vulnerability within the funcnamefromcode function located in ldebug.c. This flaw can lead to a segmentation fault (SEGV), which may result in a local denial of service condition, impacting the stability and availability of applications that rely on this programming language.

References

http://lua-users.org/lists/lua-l/2021-11/msg00195.html

http://lua-users.org/lists/lua-l/2021-11/msg00204.html

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2022
Vulnerability Reserved
Dec 6, 2021