| Snyk

Threat Intelligence

0.3% (70^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-UBUNTU1604-LUA50-630361
published4 Sept 2014
disclosed4 Sept 2014

Report a new vulnerability Found a mistake?

Introduced: 4 Sep 2014

CVE-2014-5461 (opens in a new tab) CWE-119 (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:16.04.

NVD Description

Note: Versions mentioned in the description apply only to the upstream lua50 package and not the lua50 package as distributed by Ubuntu.

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

References

http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5461
http://advisories.mageia.org/MGASA-2014-0414.html
http://www.lua.org/bugs.html#5.2.2-1
http://www.debian.org/security/2014/dsa-3015
http://www.debian.org/security/2014/dsa-3016
https://security-tracker.debian.org/tracker/CVE-2014-5461
https://security.gentoo.org/glsa/201701-53
http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html
http://www.openwall.com/lists/oss-security/2014/08/21/1
http://www.openwall.com/lists/oss-security/2014/08/21/4
http://www.openwall.com/lists/oss-security/2014/08/27/2
http://secunia.com/advisories/59890
http://secunia.com/advisories/60869
http://secunia.com/advisories/61411
http://www.securityfocus.com/bid/69342
http://www.ubuntu.com/usn/USN-2338-1
http://www.mandriva.com/security/advisories?name=MDVSA-2015:144
https://security.gentoo.org/glsa/202305-23