CVE-2020-24369NULL Pointer Dereference in Lua5.4

CWE-476NULL Pointer Dereference6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 31.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Lua5.4LUA
Timeline
PublishedAug 17
Latest updateMay 24

Description

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

debiandebian/lua5.4< lua5.4 5.4.1-1 (bookworm)
NVDlua/lua5.4.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-8g95-2365-4r5r: ldebug2022-05-24
OSV
CVE-2020-24369: ldebug2020-08-17

📋Vendor Advisories

2
Red Hat
lua: NULL pointer dereference when trying to access debug information via the line hook of a stripped function2020-07-24
Debian
CVE-2020-24369: lua5.4 - ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of ...2020

💬Community

1
Bugzilla
CVE-2020-24369 lua: NULL pointer dereference when trying to access debug information via the line hook of a stripped function2020-08-19
CVE-2020-24369 — NULL Pointer Dereference in Lua5.4 | cvebase