Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

11 – 14 of 14 results

CVE-2020-15945

Low priority
Ignored

Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lua5.1 Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected
lua5.4 Not affected Not in release Not in release Not in release
lua50 Not in release Not affected Not affected Not affected
Show less packages

CVE-2020-15889

Low priority
Not affected

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lua5.1 Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected
lua5.4 Not in release Not in release Not in release
lua50 Not affected Not affected Not affected
Show less packages

CVE-2020-15888

Low priority
Ignored

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.

5 affected packages

lua5.1, lua5.2, lua5.3, lua5.4, lua50

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lua5.1 Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected
lua5.4 Not affected Not in release Not in release Not in release
lua50 Not in release Not affected Not affected Not affected
Show less packages

CVE-2019-6706

Medium priority
Fixed

Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

4 affected packages

lua5.1, lua5.2, lua5.3, lua50

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lua5.1 Not affected Not affected
lua5.2 Not affected Not affected
lua5.3 Fixed Fixed
lua50 Not affected Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. Next page
Export to JSON