Debian Lua5.4 vulnerabilities
13 known vulnerabilities affecting debian/lua5.4.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 3, MEDIUM: 2, LOW: 7
Vulnerabilities
CVE-2022-28805 | LOW | CVSS 9.1 | fixed in lua5.4 5.4.4-2 (bookworm) | 2022
CVE-2022-28805 [CRITICAL]: lua5.1
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2022-33099 | LOW | CVSS 7.5 | fixed in lua5.4 5.4.4-3 (bookworm) | 2022
CVE-2022-33099 [HIGH]: lua5.1
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2021-44964 | MEDIUM | CVSS 6.3 | fixed in lua5.4 5.4.4-1 (bookworm) | 2021
CVE-2021-44964 [MEDIUM]: lua5.4
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Scope: local
bookworm: resolved (fixed in 5.4.4-1)
bullseye: open
forky: resolved (fixed in 5.4.4-1)
sid: resolved (fixed in 5.4.4-1)
trixie: resolved (fixed in 5.4.4-1)
CVE-2021-45985 | LOW | CVSS 7.5 | fixed in lua5.4 5.4.4-1 (bookworm) | 2021
CVE-2021-45985 [HIGH]: lua5.1
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2021-44647 | LOW | CVSS 5.5 | fixed in lua5.4 5.4.4-1 (bookworm) | 2021
CVE-2021-44647 [MEDIUM]: lua5.1
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2021-43519 | LOW | CVSS 5.5 | fixed in lua5.4 5.4.4-1 (bookworm) | 2021
CVE-2021-43519 [MEDIUM]: lua5.1
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2020-15889 | CRITICAL | CVSS 9.8 | fixed in lua5.4 5.4.0-2 (bookworm) | 2020
CVE-2020-15889 [CRITICAL]: lua5.4
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Scope: local
bookworm: resolved (fixed in 5.4.0-2)
bullseye: resolved (fixed in 5.4.0-2)
forky: resolved (fixed in 5.4.0-2)
sid: resolved (fixed in 5.4.0-2)
trixie: resolved (fixed in 5.4.0-2)
CVE-2020-24342 | HIGH | CVSS 7.8 | fixed in lua5.4 5.4.1-1 (bookworm) | 2020
CVE-2020-24342 [HIGH]: lua5.4
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
Scope: local
bookworm: resolved (fixed in 5.4.1-1)
bullseye: resolved (fixed in 5.4.1-1)
forky: resolved (fixed in 5.4.1-1)
sid: resolved (fixed in 5.4.1-1)
trixie: resolved (fixed in 5.4.1-1)
CVE-2020-24369 | HIGH | CVSS 7.5 | fixed in lua5.4 5.4.1-1 (bookworm) | 2020
CVE-2020-24369 [HIGH]: lua5.4
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
Scope: local
bookworm: resolved (fixed in 5.4.1-1)
bullseye: resolved (fixed in 5.4.1-1)
forky: resolved (fixed in 5.4.1-1)
sid: resolved (fixed in 5.4.1-1)
trixie: resolved (fixed in 5.4.1-1)
CVE-2020-15888 | HIGH | CVSS 8.8 | fixed in lua5.4 5.4.1-1 (bookworm) | 2020
CVE-2020-15888 [HIGH]: lua5.4
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
Scope: local
bookworm: resolved (fixed in 5.4.1-1)
bullseye: resolved (fixed in 5.4.1-1)
forky: resolved (fixed in 5.4.1-1)
sid: resolved (fixed in 5.4.1-1)
trixie: resolved (fixed in 5.4.1
CVE-2020-24370 | MEDIUM | CVSS 5.3 | fixed in lua5.3 5.3.6-1 (bookworm) | 2020
CVE-2020-24370 [MEDIUM]: lua5.3
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Scope: local
bookworm: resolved (fixed in 5.3.6-1)
bullseye: resolved (fixed in 5.3.3-1.1+deb11u1)
forky: resolved (fixed in 5.3.6-1)
sid: resolved (fixed in 5.3.6-1)
trixie: resolved (fixed in 5.3.6-1)
CVE-2020-15945 | LOW | CVSS 5.5 | fixed in lua5.4 5.4.1-1 (bookworm) | 2020
CVE-2020-15945 [MEDIUM]: lua5.1
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2020-24371 | LOW | CVSS 5.3 | fixed in lua5.4 5.4.1-1 (bookworm) | 2020
CVE-2020-24371 [MEDIUM]: lua5.3
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved