CVE-2021-44647 — Type Confusion in Lua5.1

CWE-843 — Type Confusion6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 90.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Lua5.1 Debian Lua5.2 Debian Lua5.3 +8 more

Timeline

PublishedJan 11

Latest updateJan 12

Description

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

▶debiandebian/lua50< lua5.4 5.4.4-1 (bookworm)

▶debiandebian/lua5.1< lua5.4 5.4.4-1 (bookworm)

▶debiandebian/lua5.2< lua5.4 5.4.4-1 (bookworm)

▶debiandebian/lua5.3< lua5.4 5.4.4-1 (bookworm)

▶debiandebian/lua5.4< lua5.4 5.4.4-1 (bookworm)

Also affects: Fedora 34

Patches

Patch: lua-users.org ↗Patch: lua-users.org ↗

🔴Vulnerability Details

GHSA

GHSA-wvx9-9phh-9j3h: Lua 5↗2022-01-12

▶

OSV

CVE-2021-44647: Lua v5↗2022-01-11

▶

📋Vendor Advisories

Microsoft

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.↗2022-01-11

▶

Red Hat

lua: type confusion in funcnamefromcode in ldebug.c could result in local DoS↗2022-01-11

▶

Debian

CVE-2021-44647: lua5.1 - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode ...↗2021

▶