CVE-2021-43519: Uncontrolled Recursion in LUA

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 61.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 9; latest update May 24

Description

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (15 packages)

Source | Package | Versions
NVD | lua/lua | 5.1.0 5.3.5 +1
debian | debian/lua50 | < lua5.4 5.4.4-1 (bookworm)
debian | debian/lua5.1 | < lua5.4 5.4.4-1 (bookworm)
debian | debian/lua5.2 | < lua5.4 5.4.4-1 (bookworm)
debian | debian/lua5.3 | < lua5.4 5.4.4-1 (bookworm)

Also affects: Fedora 35

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-g78p-3v3v-h7wm: Stack overflow in lua_resume of ldo (2022-05-24)
OSV: CVE-2021-43519: Stack overflow in lua_resume of ldo (2021-11-09)

📋 Vendor Advisories (3)

Microsoft: Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. (2021-11-09)
Red Hat: lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file (2021-11-09)
Debian: CVE-2021-43519: lua5.1 - Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows atta... (2021)