Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 905319 (CVE-2021-45985)

Summary: dev-lang/lua: heap buffer overread
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: minor CC: robbat2, williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [??]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-29 19:20:47 UTC
CVE-2021-45985 (https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5):

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

Patch is in 5.4.4. Are previous branches affected?