First published: Tue Nov 09 2021(Updated: )
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Lua Lua | >=5.1.0<5.3.5 | |
Lua Lua | >=5.4.0<5.4.4 | |
Fedoraproject Fedora | =35 | |
>=5.1.0<5.3.5 | ||
>=5.4.0<5.4.4 | ||
=35 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43519 is a vulnerability in the Lua Interpreter that allows attackers to perform a Denial of Service through a crafted script file.
The Lua Interpreter versions 5.1.0 to 5.3.5, and 5.4.0 to 5.4.4, as well as Fedora 35, are affected by CVE-2021-43519.
CVE-2021-43519 has a severity level of 5.5, which is classified as medium.
Attackers can exploit CVE-2021-43519 by utilizing a crafted script file to cause a stack overflow in the lua_resume function, leading to a Denial of Service.
Yes, you can find more information about CVE-2021-43519 at the following references: http://lua-users.org/lists/lua-l/2021-10/msg00123.html, http://lua-users.org/lists/lua-l/2021-11/msg00015.html, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/