Main Vulnerability Database Vulnerabilities #VU47701

#VU47701 Out-of-bounds read in Lua - CVE-2020-15889

Published: July 22, 2020 / Updated: October 18, 2020

Vulnerability identifier: #VU47701

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-15889

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Lua

Software vendor:
Lua

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to getobjname heap-based buffer over-read within the youngcollection() function in lgc.c that uses markold for an insufficient number of list members. A remote attacker can perform a denial of service attack.

Remediation

Install update from vendor's website.

External links

http://lua-users.org/lists/lua-l/2020-07/msg00078.html
https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312

#VU47701 Out-of-bounds read in Lua - CVE-2020-15889

Description

Remediation

External links

Please verify you're human