https://bugzilla.redhat.com/show_bug.cgi?id=2104427
Bug ID: 2104427
Summary: CVE-2022-33099 lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: trathi(a)redhat.com
CC: 4le(a)live.com, drjohnson1(a)gmail.com,
lua-packagers-sig(a)lists.fedoraproject.org,
mhroncok(a)redhat.com, michel(a)michel-slm.name,
rob.myers(a)gtri.gatech.edu, spotrh(a)gmail.com
Target Milestone: ---
Classification: Other
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a
heap-buffer overflow when a recursive error occurs.
https://lua-users.org/lists/lua-l/2022-05/msg00035.html
https://lua-users.org/lists/lua-l/2022-05/msg00073.html
https://lua-users.org/lists/lua-l/2022-05/msg00042.html
https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20o...
https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf