Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-43519

Published: 9 November 2021

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

Notes

AuthorNote
eslerm 
lua deprecated from grub on 2009-09-26
debian/grub-extras/lua/ not compiled-see debian/rules and GRUB_CONTRIB
contrary to description, vulnerability appears to be introduced after 5.1
leosilva 
for ceph , that ships with lua, lua affected is 5.4 up, for focal
it is using 5.3 , so not-affected. Also, code not found.
mdeslaur 
SUSE bug says "this bug is only present in Lua 5.4.2 and 5.4.3"
and the PoC crashing earlier versions may be unrelated to this
CVE.

Priority

Low

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package Release Status
ardour
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

bam
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

blobby
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

ceph
Launchpad, Ubuntu, Debian 		bionic Not vulnerable

focal Not vulnerable

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
lunar Not vulnerable
(code not present)
trusty Needs triage

upstream Needs triage

xenial Needs triage

darktable
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

eja
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
emscripten
Launchpad, Ubuntu, Debian 		bionic Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

enigma
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

freeciv
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

freedroidrpg
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

fs-uae
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

golly
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

goxel
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
grub2
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(code-not-compiled)
focal Not vulnerable
(code-not-compiled)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(code-not-compiled)
kinetic Not vulnerable
(code-not-compiled)
lunar Not vulnerable
(code-not-compiled)
trusty Not vulnerable
(code-not-compiled)
upstream Needs triage

xenial Not vulnerable
(code-not-compiled)
gtk2-engines
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

haskell-hslua
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

hedgewars
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

lua5.1
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
lunar Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
lua5.2
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Needs triage

upstream Needs triage

xenial Needs triage

lua5.3
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

lua5.4
Launchpad, Ubuntu, Debian 		bionic Does not exist

focal Does not exist

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(5.4.4-1)
kinetic Not vulnerable
(5.4.4-3)
lunar Not vulnerable
(5.4.4-3)
trusty Does not exist

upstream
Released (5.4.4-1)
xenial Does not exist

Patches:
upstream: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868
lua50
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage

luajit
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Needs triage

upstream Needs triage

xenial Needs triage

mame
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

naev
Launchpad, Ubuntu, Debian 		focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
openscenegraph
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Needs triage

upstream Needs triage

xenial Needs triage

redis
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(code not present)
focal Not vulnerable
(uses system lua)
hirsute Not vulnerable
(uses system lua)
impish Not vulnerable
(uses system lua)
jammy Not vulnerable
(uses system lua)
kinetic Not vulnerable
(uses system lua)
lunar Not vulnerable
(uses system lua)
trusty Needs triage

upstream Needs triage

xenial Not vulnerable
(code not present)
rust-lua52-sys
Launchpad, Ubuntu, Debian 		focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
scite
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

scorched3d
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

scummvm
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

spring
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

syslinux
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Needs triage

upstream Needs triage

xenial Needs triage

syslinux-legacy
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage

tagua
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

tarantool
Launchpad, Ubuntu, Debian 		focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

texlive-bin
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

tup
Launchpad, Ubuntu, Debian 		focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
ufoai
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

vifm
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

wcc
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
wesnoth
Launchpad, Ubuntu, Debian 		trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
widelands
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

xmoto
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

zfs-linux
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading