CVE-2020-24370

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-24370

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24370.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-24370

Aliases

BIT-lua-2020-24370

Related

Published

2020-08-17T17:15:13Z

Modified

2024-10-12T06:21:48.043373Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

References

Affected packages

Debian:11 / lua5.3

Package

Name: lua5.3
Purl: pkg:deb/debian/lua5.3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.3-1.1+deb11u1

Affected versions

5.*

5.3.3-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lua5.3

Package

Name: lua5.3
Purl: pkg:deb/debian/lua5.3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lua5.3

Package

Name: lua5.3
Purl: pkg:deb/debian/lua5.3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / lua5.4

Package

Name: lua5.4
Purl: pkg:deb/debian/lua5.4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lua5.4

Package

Name: lua5.4
Purl: pkg:deb/debian/lua5.4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lua5.4

Package

Name: lua5.4
Purl: pkg:deb/debian/lua5.4?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/lua/lua

Affected ranges

Type: GIT
Repo: https://github.com/lua/lua
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a585eae6e7ada1ca9271607a4f48dfb17868ab7b

Affected versions

v1.*

v1.2

v2.*

v2.1

v2.2

v2.3-beta

v2.4

v2.4-beta

v2.5

v2.5-beta

v2.5.1

v3.*

v3.0

v3.0-alpha

v3.1

v3.1-alpha

v3.2

v3.2-beta

v4.*

v4.0

v4.0-alpha

v4.0-beta

v4.1-alpha

v5.*

v5.0

v5.0-alpha

v5.0-beta

v5.1

v5.1-alpha

v5.1-beta

v5.1.1

v5.2-alpha

v5.2-beta

v5.2.0

v5.2.1

v5.2.2

v5.3-alpha

v5.3-beta

v5.3.0

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.4-alpha

v5.4-beta

v5.4-w2

v5.4.0