src icon indicating copy to clipboard operation
src copied to clipboard

Published 20 hours ago verified publisher icon MidnightBSD

CVE-2020-15888 (High) detected in multiple libraries

Open mend-bolt-for-github[bot] opened this issue 4 years ago • 31 comments

CVE-2020-15888 - High Severity Vulnerability

Vulnerable Libraries - src3.1.5, src3.1.5, src3.1.5

Vulnerability Details

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.

Publish Date: 2020-07-21

URL: CVE-2020-15888

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-15888

Release Date: 2020-07-21

Fix Resolution: lua - 5.3.2

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Aug 29 '21 16:08 mend-bolt-for-github[bot]