Vulnerabilities > CVE-2020-15888 - Use After Free vulnerability in LUA 5.4.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
Common Weakness Enumeration (CWE)
References
- http://lua-users.org/lists/lua-l/2020-07/msg00053.html
- http://lua-users.org/lists/lua-l/2020-07/msg00053.html
- http://lua-users.org/lists/lua-l/2020-07/msg00054.html
- http://lua-users.org/lists/lua-l/2020-07/msg00054.html
- http://lua-users.org/lists/lua-l/2020-07/msg00071.html
- http://lua-users.org/lists/lua-l/2020-07/msg00071.html
- http://lua-users.org/lists/lua-l/2020-07/msg00079.html
- http://lua-users.org/lists/lua-l/2020-07/msg00079.html
- https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
- https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
- https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
- https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5