Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service (CVE-2021-44647) URLs: http://lua-users.org/lists/lua-l/2021-11/msg00195.html http://lua-users.org/lists/lua-l/2021-11/msg00204.html
(In reply to filip ambroz from comment #0) > Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in > funcnamefromcode function in ldebug.c which can cause a local denial of > service (CVE-2021-44647) > > URLs: > http://lua-users.org/lists/lua-l/2021-11/msg00195.html Patch: > http://lua-users.org/lists/lua-l/2021-11/msg00204.html
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=919af65cd6e25616f2a435062cf0399669e18212 commit 919af65cd6e25616f2a435062cf0399669e18212 Author: Ahmed Charles <me@ahmedcharles.com> AuthorDate: 2022-02-14 04:39:27 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2022-02-14 04:42:13 +0000 dev-lang/lua: 5.4.4 bump Bug: https://bugs.gentoo.org/831053 Closes: #24027 Signed-off-by: Ahmed Charles <me@ahmedcharles.com> Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/lua/Manifest | 2 + dev-lang/lua/lua-5.4.4.ebuild | 203 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 205 insertions(+)
It looks to me like the linked patch is in 5.4.4. Thanks, William
I can't reproduce on earlier branches, so I guess it doesn't affect them.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=9481b5e54d9a028a3f651d96ca46efd05ac1b3a6 commit 9481b5e54d9a028a3f651d96ca46efd05ac1b3a6 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 10:32:55 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 10:33:45 +0000 [ GLSA 202305-23 ] Lua: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/520480 Bug: https://bugs.gentoo.org/831053 Bug: https://bugs.gentoo.org/837521 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-23.xml | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+)