CVE-2020-15945 — Improper Input Validation in LUA
Severity
NVD: 5.5 MEDIUM
OSV: 6.4
EPSS
0.2%
top 63.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 24
Latest update: Jun 30
Description
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 13 packages
Patches
Vulnerability Details (3)
Vendor Advisories (3)
Microsoft
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g. when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flo
2020-07-14
Debian
CVE-2020-15945: lua5.1 - Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (...
2020