김지회

**Name of the Vulnerable Software and Affected Versions** Lua interpreter versions 5.4.0 through 5.4.3 **Description** The issue is related to a use after free in the garbage collector and finalizer of lgc.c in the Lua interpreter. This allows attackers to perform a Sandbox Escape via a crafted script file. **Recommendations** For Lua interpreter versions 5.4.0 through 5.4.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lua Interpreter versions 5.1.0 through 5.4.4 **Description** The issue is related to a stack overflow in the `lua resume` function of `ldo.c` in the Lua Interpreter. This can allow attackers to perform a Denial of Service via a crafted script file. The vulnerability is associated with a buffer overflow in the stack. Exploitation of the vulnerability can enable an attacker to cause a denial of service. **Recommendations** For Lua Interpreter versions 5.1.0 through 5.4.4, consider disabling the `lua resume` function as a temporary workaround until a patch is available. Restrict the execution of crafted script files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.