Type Confusion Vulnerability in Lua by Lua.org
CVE-2021-44647

5.5MEDIUM

Key Information:

Vendor

Lua

Status
Lua
Vendor
CVE Published:
11 January 2022

What is CVE-2021-44647?

Lua versions 5.4.3 and later are subject to a type confusion vulnerability within the funcnamefromcode function located in ldebug.c. This flaw can lead to a segmentation fault (SEGV), which may result in a local denial of service condition, impacting the stability and availability of applications that rely on this programming language.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lua-users.org/lists/lua-l/2021-11/msg00195.html
http://lua-users.org/lists/lua-l/2021-11/msg00204.html
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.