Closed sevaksargsyan closed 1 month ago
Yup, the vulnerability is there. The exploit is detailed on lua bug page.
moar was almost guaranteed unaffected by the problem, but since the patch is so miniscule, i applied it by hand and bumped the submodule commit in MoarVM.
File: https://github.com/MoarVM/dynasm/blob/e1a681416e4c4f4a8085e15f1d29b4e20b0a9739/minilua.c contains CVE-2014-5461. Look here: https://github.com/redis/redis/commit/d75ad774a92bd7de0b9448be3d622d7a13b7af27