PT-2021-23858 · Lua+6

김지회 · Published 2019-08-09 · Updated 2025-08-03 · CVE-2021-43519

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Lua Interpreter versions 5.1.0 through 5.4.4

Description

The issue is a stack overflow (a buffer overflow in the stack) in the lua_resume function of ldo.c in the Lua Interpreter. An attacker can exploit it with a crafted script file to cause a Denial of Service.

Recommendations

For Lua Interpreter versions 5.1.0 through 5.4.4, consider disabling the lua_resume function as a temporary workaround until a patch is available. Restrict the execution of crafted script files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Uncontrolled Recursion

Stack Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:0957
ALT-PU-2019-2423
ALT-PU-2019-2424
AZL-41261
AZL-41445
AZL-41574
AZL-41866
AZL-6672
BDU:2025-01458
BIT-LUA-2021-43519
CVE-2021-43519
OPENSUSE-SU-2024:12156-1
OPENSUSE-SU-2025:15401-1
RHSA-2023:0957
RHSA-2023:1211
RHSA-2023_0957
RLSA-2023:0957

Affected Products

Alt Linux
Almalinux
Debian
Lua
Red Hat
Red Os
Rocky Linux