CVE-2021-44964 — Use After Free in Lua5.4

CWE-416 — Use After Free8 documents7 sources

Severity

6.3MEDIUMNVD

EPSS

0.3%

top 50.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Lua5.4 LUA Msrc Azl3 Memcached 1.6.27-3 ON Azure Linux 3.0 +7 more

Timeline

PublishedMar 14

Latest updateMar 15

Description

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:HExploitability: 1.8 | Impact: 4.0

Affected Packages10 packages

▶debiandebian/lua5.4< lua5.4 5.4.4-1 (bookworm)

▶NVDlua/lua5.4.0 — 5.4.3

▶msrcmsrc/cbl_mariner_2.0_arm

▶msrcmsrc/cbl_mariner_2.0_x64

▶msrcmsrc/cbl2_lua_5.4.4-1_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-rvj2-9p3c-wmwh: Use after free in garbage collector and finalizer of lgc↗2022-03-15

▶

OSV

CVE-2021-44964: Use after free in garbage collector and finalizer of lgc↗2022-03-14

▶

📋Vendor Advisories

Microsoft

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.↗2022-03-08

▶

Red Hat

lua: use after free allows Sandbox Escape↗2021-11-29

▶

Debian

CVE-2021-44964: lua5.4 - Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5....↗2021

▶

📄Research Papers

CTF

sources / README↗2022

▶

CTF

LuQwest / exploit↗2022

▶