PT-2014-1807 · Lua+2

Murray Mcallister · Published 2014-08-21 · Updated 2025-07-03 · CVE-2014-5461

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Lua versions 5.1 through 5.2.x before 5.2.3

Description: The issue is caused by a buffer overflow in the vararg functions in ldo.c, allowing context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. This can be exploited by a remote attacker using a large number of variable-length arguments.

Recommendations: For Lua versions 5.1 through 5.2.x before 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the number of arguments passed to functions with a large number of fixed arguments to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related identifiers

ALT-PU-2014-2137
AZL-41108
AZL-45036
BDU:2015-04141
BDU:2015-04142
CVE-2014-5461
DLA-47-1
DSA-3015-1
DSA-3016-1
MGASA-2014-0414
OPENSUSE-SU-2025:15247-1
USN-2338-1

Affected products

Alt Linux
Lua
Ubuntu