PT-2020-15693 · Lua · Lua

Roberto-Ieru

·

Published

2020-08-13

·

Updated

2025-08-03

·

CVE-2020-24342

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Lua versions prior to 5.4.1
Description The issue allows a stack redzone cross in luaO pushvfstring due to a protection mechanism wrongly calling luaD callnoyield twice in a row.
Recommendations For Lua versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

CWE-119

Related Identifiers

BIT-LUA-2020-24342
CVE-2020-24342
OPENSUSE-SU-2024:11029-1
OPENSUSE-SU-2025:15401-1

Affected Products

Lua