Search CVE reports

1 – 10 of 16 results

Detailed view

Sort by:

CVE-2025-49844

High priority

Some fixes available 13 of 21

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free...

8 affected packages

redict, redis, valkey, lua50, lua5.1...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redict	—	Not in release	Not in release	—	—
redis	—	Fixed	Not affected	Not affected	Fixed
valkey	—	Fixed	Not in release	—	—
lua50	—	Not in release	Not in release	Vulnerable	Vulnerable
lua5.1	—	Vulnerable	Fixed	Fixed	Vulnerable
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not affected	—	—

CVE-2021-45985

Medium priority

Needs evaluation

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

9 affected packages

lua5.2, lua5.3, lua5.4, lua50, memcached...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not affected	Not in release	Not in release
lua50	—	Not in release	Not in release	Not affected	Not affected
memcached	—	Not affected	Not affected	Not affected	Not affected
tup	—	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
vifm	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
darktable	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lua5.1	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-33099

Low priority

Some fixes available 1 of 6

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Fixed	Not in release	Not in release
lua50	—	Not in release	Not in release	Not affected	Not affected

CVE-2022-28805

Medium priority

Some fixes available 1 of 5

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

5 affected packages

lua5.4, lua5.1, lua5.2, lua5.3, lua50

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.4	—	Not affected	Fixed	Not in release	Not in release
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua50	—	Not in release	Not in release	Not affected	Not affected

CVE-2021-44964

Medium priority

Vulnerable

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

5 affected packages

lua5.4, lua5.3, lua50, lua5.1, lua5.2

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.4	—	Not affected	Not affected	Not in release	Not in release
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua50	—	Not in release	Not in release	Needs evaluation	Needs evaluation
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected

CVE-2021-44647

Medium priority

Ignored

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	—	Not affected	Not affected	Not affected
lua5.2	—	—	Not affected	Not affected	Not affected
lua5.3	—	—	Not affected	Not affected	Not affected
lua5.4	—	—	Not affected	Not in release	Not in release
lua50	—	—	Not in release	Not affected	Not affected

CVE-2021-43519

Low priority

Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

enigma, freeciv, freedroidrpg, fs-uae, golly...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
enigma	—	Not affected	Not affected	Not affected	Not affected
freeciv	—	Not affected	Not affected	Not affected	Not affected
freedroidrpg	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
fs-uae	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golly	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
goxel	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
grub2	—	Not affected	Not affected	Not affected	Not affected
gtk2-engines	—	Not affected	Not affected	Not affected	Not affected
haskell-hslua	—	Not affected	Not affected	Not affected	Not affected
hedgewars	—	Not affected	Not affected	Not affected	Not affected
lua5.1	—	Not affected	Not affected	Not affected	Not affected
lua5.2	—	Not affected	Not affected	Not affected	Not affected
lua5.3	—	Not affected	Not affected	Not affected	Not affected
lua5.4	—	Not affected	Not affected	Not in release	Not in release
lua50	—	Not in release	Not in release	Not affected	Not affected
luajit	—	Not affected	Not affected	Not affected	Not affected
mame	—	Not affected	Not affected	Not affected	Not affected
naev	—	Needs evaluation	Needs evaluation	Needs evaluation	—
openscenegraph	—	Not affected	Not affected	Not affected	Not affected
redis	—	Not affected	Not affected	Not affected	Not affected
rust-lua52-sys	—	Needs evaluation	Needs evaluation	Needs evaluation	—
scite	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scorched3d	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scummvm	—	Not affected	Not affected	Not affected	Not affected
spring	—	Not affected	Not affected	Not affected	Not affected
syslinux	—	Not affected	Not affected	Not affected	Not affected
syslinux-legacy	—	Not in release	Not in release	Not affected	Not affected
tagua	—	Not affected	Not affected	Not affected	Not affected
tarantool	—	Needs evaluation	Needs evaluation	Needs evaluation	—
texlive-bin	—	Not affected	Not affected	Not affected	Not affected
tup	—	Needs evaluation	Needs evaluation	Needs evaluation	—
ufoai	—	Not affected	Not affected	Not affected	Not affected
vifm	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wcc	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wesnoth	—	—	—	—	—
widelands	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmoto	—	Not affected	Not affected	Not affected	Not affected
zfs-linux	—	Not affected	Not affected	Not affected	Not affected
ardour	—	Not affected	Not affected	Not affected	Not affected
bam	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blobby	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ceph	—	Not affected	Not affected	Not affected	Not affected
darktable	—	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
eja	—	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
emscripten	—	Needs evaluation	Needs evaluation	—	Needs evaluation

CVE-2020-24371

Medium priority

Ignored

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	—	Not affected	Not affected	Not affected
lua5.2	—	—	Not affected	Not affected	Not affected
lua5.3	—	—	Not affected	Not affected	Not affected
lua5.4	—	—	Not affected	Not in release	Not in release
lua50	—	—	Not in release	Not affected	Not affected

CVE-2020-24370

Medium priority

Ignored

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	—	Not affected	Not affected	Not affected
lua5.2	—	—	Not affected	Not affected	Not affected
lua5.3	—	—	Not affected	Not affected	Not affected
lua5.4	—	—	Not affected	Not in release	Not in release
lua50	—	—	Not in release	Not affected	Not affected

CVE-2020-24369

Medium priority

Ignored

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua5.1	—	—	Not affected	Not affected	Not affected
lua5.2	—	—	Not affected	Not affected	Not affected
lua5.3	—	—	Not affected	Not affected	Not affected
lua5.4	—	—	Not affected	Not in release	Not in release
lua50	—	—	Not in release	Not affected	Not affected

Export to JSON

Results by page: