CVE-2014-5461

Published: 28 August 2014

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

Priority

Medium

Status

Package (Launchpad, Ubuntu, Debian) / Release: Status

lua5.1 (Launchpad, Ubuntu, Debian)
  Upstream: Released (5.1.5-7)
  Ubuntu 16.04 ESM (Xenial Xerus): Released (5.1.5-5ubuntu1)
  Ubuntu 14.04 ESM (Trusty Tahr): Released (5.1.5-5ubuntu0.1)

lua5.2 (Launchpad, Ubuntu, Debian)
  Upstream: Released (5.2.3-1)
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable
  Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (5.2.3-1)
  Patches:
    Upstream: http://www.lua.org/bugs.html#5.2.2-1

lua50 (Launchpad, Ubuntu, Debian)
  Upstream: Not vulnerable
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (5.0.3-7)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [5.0.3-7])