Filtered by vendor Lua
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28805 | 1 Lua | 1 Lua | 2022-07-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. | |||||
| CVE-2020-15889 | 1 Lua | 1 Lua | 2020-12-23 | 7.5 HIGH | 9.8 CRITICAL |
| Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. | |||||