Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/08/21/4 | mailing-list |
| http://www.ubuntu.com/usn/USN-2338-1 | vendor-advisory |
| https://security.gentoo.org/glsa/201701-53 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2014/08/27/2 | mailing-list |
| http://www.securityfocus.com/bid/69342 | vdb-entry |
| http://secunia.com/advisories/59890 | third-party-advisory |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:144 | vendor-advisory |
| http://www.debian.org/security/2014/dsa-3016 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2014/08/21/1 | mailing-list |
| http://secunia.com/advisories/60869 | third-party-advisory |
| http://www.debian.org/security/2014/dsa-3015 | vendor-advisory |
| http://secunia.com/advisories/61411 | third-party-advisory |
| http://www.lua.org/bugs.html#5.2.2-1 | N/A |
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html | vendor-advisory |
| http://advisories.mageia.org/MGASA-2014-0414.html | N/A |
| https://security.gentoo.org/glsa/202305-23 | vendor-advisory |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Hyperlink | Source | Resource |
|---|---|---|
| http://advisories.mageia.org/MGASA-2014-0414.html | secalert@redhat.com | Third Party Advisory |
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html | secalert@redhat.com | Third Party Advisory |
| http://secunia.com/advisories/59890 | secalert@redhat.com | N/A |
| http://secunia.com/advisories/60869 | secalert@redhat.com | N/A |
| http://secunia.com/advisories/61411 | secalert@redhat.com | N/A |
| http://www.debian.org/security/2014/dsa-3015 | secalert@redhat.com | Third Party Advisory |
| http://www.debian.org/security/2014/dsa-3016 | secalert@redhat.com | Third Party Advisory |
| http://www.lua.org/bugs.html#5.2.2-1 | secalert@redhat.com | Patch Vendor Advisory |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:144 | secalert@redhat.com | Broken Link |
| http://www.openwall.com/lists/oss-security/2014/08/21/1 | secalert@redhat.com | Exploit Mailing List Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2014/08/21/4 | secalert@redhat.com | Exploit Mailing List Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2014/08/27/2 | secalert@redhat.com | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/69342 | secalert@redhat.com | Third Party Advisory VDB Entry |
| http://www.ubuntu.com/usn/USN-2338-1 | secalert@redhat.com | Third Party Advisory |
| https://security.gentoo.org/glsa/201701-53 | secalert@redhat.com | N/A |
| https://security.gentoo.org/glsa/202305-23 | secalert@redhat.com | N/A |
| http://advisories.mageia.org/MGASA-2014-0414.html | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://secunia.com/advisories/59890 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://secunia.com/advisories/60869 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://secunia.com/advisories/61411 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.debian.org/security/2014/dsa-3015 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://www.debian.org/security/2014/dsa-3016 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://www.lua.org/bugs.html#5.2.2-1 | af854a3a-2127-422b-91ae-364da2661108 | Patch Vendor Advisory |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:144 | af854a3a-2127-422b-91ae-364da2661108 | Broken Link |
| http://www.openwall.com/lists/oss-security/2014/08/21/1 | af854a3a-2127-422b-91ae-364da2661108 | Exploit Mailing List Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2014/08/21/4 | af854a3a-2127-422b-91ae-364da2661108 | Exploit Mailing List Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2014/08/27/2 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/69342 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |
| http://www.ubuntu.com/usn/USN-2338-1 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| https://security.gentoo.org/glsa/201701-53 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://security.gentoo.org/glsa/202305-23 | af854a3a-2127-422b-91ae-364da2661108 | N/A |