Search CVE reports

Toggle filters

1 – 10 of 15 results

CVE-2025-49844

High priority

Some fixes available 13 of 22

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free...

8 affected packages

redict, redis, valkey, lua50, lua5.1...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redict Not affected Not in release Not in release
redis Not affected Fixed Not affected Not affected Fixed
valkey Not affected Fixed Not in release
lua50 Not in release Not in release Not in release Vulnerable Vulnerable
lua5.1 Vulnerable Vulnerable Fixed Fixed Vulnerable
lua5.2 Not affected Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua5.4 Not affected Not affected Not affected
Show all 8 packages Show less packages

CVE-2021-45985

Medium priority
Needs evaluation

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

9 affected packages

lua5.2, lua5.3, lua5.4, lua50, memcached...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua5.2 Not affected Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua5.4 Not affected Not affected Not affected Not in release Not in release
lua50 Not in release Not in release Not in release Not affected Not affected
memcached Not affected Not affected Not affected Not affected Not affected
tup Needs evaluation Needs evaluation Needs evaluation Ignored Not in release
vifm Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
darktable Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
lua5.1 Not affected Not affected Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2022-33099

Low priority

Some fixes available 1 of 6

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua5.1 Not affected Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua5.4 Not affected Not affected Fixed Not in release Not in release
lua50 Not in release Not in release Not in release Not affected Not affected
Show less packages

CVE-2022-28805

Medium priority

Some fixes available 1 of 5

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

5 affected packages

lua5.4, lua5.1, lua5.2, lua5.3, lua50

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua5.4 Not affected Not affected Fixed Not in release Not in release
lua5.1 Not affected Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua50 Not in release Not in release Not in release Not affected Not affected
Show less packages

CVE-2021-44964

Medium priority
Vulnerable

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

5 affected packages

lua5.4, lua5.3, lua50, lua5.1, lua5.2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua5.4 Not affected Not affected Not affected Not in release Not in release
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua50 Not in release Not in release Not in release Ignored Ignored
lua5.1 Not affected Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-44647

Medium priority
Ignored

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua5.1 Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected
lua5.4 Not affected Not in release Not in release
lua50 Not in release Not affected Not affected
Show less packages

CVE-2021-43519

Low priority
Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

enigma, freeciv, freedroidrpg, fs-uae, golly...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
enigma Not affected Not affected Not affected Not affected Not affected
freeciv Not affected Not affected Not affected Not affected Not affected
freedroidrpg Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
fs-uae Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
golly Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
goxel Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
grub2 Not affected Not affected Not affected Not affected Not affected
gtk2-engines Not affected Not affected Not affected Not affected Not affected
haskell-hslua Not affected Not affected Not affected Not affected Not affected
hedgewars Not affected Not affected Not affected Not affected Not affected
lua5.1 Not affected Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua5.4 Not affected Not affected Not affected Not in release Not in release
lua50 Not in release Not in release Not in release Not affected Not affected
luajit Not affected Not affected Not affected Not affected Not affected
mame Not affected Not affected Not affected Not affected Not affected
naev Needs evaluation Needs evaluation Needs evaluation Ignored
openscenegraph Not affected Not affected Not affected Not affected Not affected
redis Not affected Not affected Not affected Not affected Not affected
rust-lua52-sys Needs evaluation Needs evaluation Needs evaluation Ignored
scite Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
scorched3d Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
scummvm Not affected Not affected Not affected Not affected Not affected
spring Not affected Not affected Not affected Not affected Not affected
syslinux Not affected Not affected Not affected Not affected Not affected
syslinux-legacy Not in release Not in release Not in release Not affected Not affected
tagua Not in release Not affected Not affected Not affected Not affected
tarantool Not in release Needs evaluation Needs evaluation Ignored
texlive-bin Not affected Not affected Not affected Not affected Not affected
tup Needs evaluation Needs evaluation Needs evaluation Ignored
ufoai Not affected Not affected Not affected Not affected Not affected
vifm Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
wcc Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
wesnoth
widelands Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmoto Not affected Not affected Not affected Not affected Not affected
zfs-linux Not affected Not affected Not affected Not affected Not affected
ardour Not affected Not affected Not affected Not affected Not affected
blobby Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
ceph Not affected Not affected Not affected Not affected Not affected
darktable Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
eja Not in release Not in release Needs evaluation Ignored Ignored
emscripten Needs evaluation Needs evaluation Needs evaluation Ignored
bam Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 45 packages Show less packages

CVE-2020-24371

Medium priority
Ignored

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua5.1 Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected
lua5.4 Not affected Not in release Not in release
lua50 Not in release Not affected Not affected
Show less packages

CVE-2020-24370

Medium priority
Ignored

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua5.1 Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected
lua5.4 Not affected Not in release Not in release
lua50 Not in release Not affected Not affected
Show less packages

CVE-2020-24369

Medium priority
Ignored

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lua5.1 Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected
lua5.4 Not affected Not in release Not in release
lua50 Not in release Not affected Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. Next page
Export to JSON