Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
References
Link | Resource |
---|---|
http://lua-users.org/lists/lua-l/2020-07/msg00053.html | Exploit Mailing List Third Party Advisory |
http://lua-users.org/lists/lua-l/2020-07/msg00054.html | Exploit Mailing List Third Party Advisory |
http://lua-users.org/lists/lua-l/2020-07/msg00071.html | Exploit Mailing List Third Party Advisory |
http://lua-users.org/lists/lua-l/2020-07/msg00079.html | Exploit Mailing List Third Party Advisory |
https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7 | Patch Third Party Advisory |
https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-21T21:36:02
Updated: 2020-07-21T21:36:02
Reserved: 2020-07-21T00:00:00
Link: CVE-2020-15888
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-21T22:15:12.090
Modified: 2023-05-16T22:31:05.550
Link: CVE-2020-15888
JSON object: View
Redhat Information
No data.