Vulnerabilities > LUA > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-08 CVE-2022-28805 Out-of-bounds Read vulnerability in multiple products
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
network
low complexity
lua fedoraproject CWE-125
critical
9.1
2020-07-21 CVE-2020-15889 Out-of-bounds Read vulnerability in LUA 5.4.0
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
network
low complexity
lua CWE-125
critical
9.8