CVE-2022-33099

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Lua versions prior to 5.4.4

Description An issue in the component luaG runerror of Lua leads to a heap-buffer overflow when a recursive error occurs.

Recommendations For versions prior to 5.4.4, update to a version that contains a fix for this issue. As a temporary workaround, consider implementing error handling mechanisms to prevent recursive errors that could lead to a heap-buffer overflow.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2022:7329

ALT-PU-2024-3994

AZL-10045

AZL-35032

AZL-41192

BIT-LUA-2022-33099

CVE-2022-33099

OESA-2022-1764

OPENSUSE-SU-2024:12167-1

OPENSUSE-SU-2025:15401-1

RHSA-2022:7329

RHSA-2022_7329

RLSA-2022:7329

USN-6916-1

Affected Products

Alt Linux

Almalinux

Debian

Linuxmint

Lua

Red Hat

Rocky Linux

Ubuntu

CVE-2022-33099

Weakness Enumeration

Related Identifiers

Affected Products

References · 48