MidnightBSD / src

MidnightBSD OS source code
https://www.midnightbsd.org/

CVE-2021-44647 (Medium) detected in lualua-5.4.7 #237

Open mend-bolt-for-github[bot] opened 18 hours ago

mend-bolt-for-github[bot] commented 18 hours ago

CVE-2021-44647 - Medium Severity Vulnerability

Vulnerable Library - lualua-5.4.7

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode with a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping.

Library home page: https://www.lua.org/ftp/?wsslib=lua

Found in base branch: master

Vulnerable Source Files (1)

/ldebug.c

Vulnerability Details

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

Publish Date: 2022-01-11

URL: CVE-2021-44647

CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-44647

Release Date: 2022-01-11

Fix Resolution: lua5.4 - 5.4.4-1

