CVE-2022-33099 — Out-of-bounds Write in Lua5.1

CWE-787 — Out-of-bounds Write10 documents9 sources

Severity

7.5HIGHNVD

OSV9.1

EPSS

0.3%

top 49.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Lua5.1 Debian Lua5.2 Debian Lua5.3 +17 more

Timeline

PublishedJul 1

Latest updateNov 7

Description

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages19 packages

▶debiandebian/lua50< lua5.4 5.4.4-3 (bookworm)

▶debiandebian/lua5.1< lua5.4 5.4.4-3 (bookworm)

▶debiandebian/lua5.2< lua5.4 5.4.4-3 (bookworm)

▶debiandebian/lua5.3< lua5.4 5.4.4-3 (bookworm)

▶debiandebian/lua5.4< lua5.4 5.4.4-3 (bookworm)

Also affects: Fedora 35, 36

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

lua5.4 vulnerabilities↗2024-07-29

▶

GHSA

GHSA-39jx-jr53-979c: An issue in the component luaG_runerror of Lua v5↗2022-07-02

▶

OSV

CVE-2022-33099: An issue in the component luaG_runerror of Lua v5↗2022-07-01

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent↗2024-11-07

▶

Ubuntu

Lua vulnerabilities↗2024-07-29

▶

Microsoft

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.↗2022-07-12

▶

Red Hat

lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling↗2022-07-01

▶

Debian

CVE-2022-33099: lua5.1 - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-...↗2022

▶

🕵️Threat Intelligence

Wiz

CVE-2025-11961 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶