WS-2021-0177 (High) detected in multiple libraries
WS-2021-0177 - High Severity Vulnerability
Vulnerable Libraries - luav5.4.7, luav5.4.7, luav5.4.7
The Lua development repository, as seen by the Lua team. Mirrored irregularly. Please DO NOT send pull requests. Report issues in the Lua mailing list https://www.lua.org/lua-l.html
Library home page: https://github.com/lua/lua.git
luav5.4.7
Vulnerable Source Files (1)
/lapi.c
Found in base branch: master
Vulnerability Details
Lua versions 5.4.0 to 5.4.2 are vulnerable to a heap use-after-free related to lapi.c, ldo.c, lfunc.c and lvm.c.
Publish Date: 2021-01-15
URL: WS-2021-0177
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/OSV-2021-205
Release Date: 2021-01-15
Fix Resolution: v5.4.3