Vulnerabilities > CVE-2021-44964 - Use After Free vulnerability in LUA

CVSS 6.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

lua

CWE-416

NVD

Published: 2022-03-14

Updated: 2022-03-21

Summary

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

Vulnerable Configurations

Part	Description	Count
Application	Lua LUA LUA 5.4.0 LUA LUA 5.4.1 LUA LUA 5.4.2 LUA LUA 5.4.3	6

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

http://lua-users.org/lists/lua-l/2021-12/msg00030.html
http://lua-users.org/lists/lua-l/2021-12/msg00015.html
https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability
http://lua-users.org/lists/lua-l/2021-11/msg00186.html
http://lua-users.org/lists/lua-l/2021-12/msg00007.html