Msrc Azl3 Lua 5.4.6-1 On Azure Linux 3.0 vulnerabilities

4 known vulnerabilities affecting msrc/azl3_lua_5.4.6-1_on_azure_linux_3.0.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2021-43519MEDIUMCVSS 5.52021-11-09
CVE-2021-43519 [MEDIUM] CWE-674 Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our
msrc
CVE-2020-24371MEDIUMCVSS 5.32020-08-11
CVE-2020-24371 [MEDIUM] CWE-763 lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits t
msrc
CVE-2020-24370MEDIUMCVSS 5.32020-08-11
CVE-2020-24370 [MEDIUM] CWE-191 ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal as demonstrated by getlocal(32^31). ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal as demonstrated by getlocal(32^31). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose t
msrc
CVE-2020-15945MEDIUMCVSS 5.52020-07-14
CVE-2020-15945 [MEDIUM] Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g. when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flo Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g. when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. FAQ: Is Azure Linux the only Microsoft product
msrc