CVE-2021-44964 (Medium) detected in luav5.4.7, luav5.4.7
CVE-2021-44964 - Medium Severity Vulnerability
Vulnerable Libraries - luav5.4.7, luav5.4.7
luav5.4.7
The Lua development repository, as seen by the Lua team. Mirrored irregularly. Please DO NOT send pull requests. Report issues in the Lua mailing list https://www.lua.org/lua-l.html
Library home page: https://github.com/lua/lua.git
Vulnerable Source Files (2)
/lgc.c
/lgc.h
Found in base branch: master
Vulnerability Details
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Publish Date: 2022-03-14
URL: CVE-2021-44964
CVSS 3 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2021-44964
Release Date: 2022-03-14
Fix Resolution: lua - 5.4.4