FS#68703 - [lua51] CVE-2014-5461
Attached to Project:
Arch Linux
Opened by Kekw (defty) - Sunday, 22 November 2020, 00:24 GMT
Last edited by Caleb Maclennan (alerque) - Wednesday, 20 September 2023, 06:41 GMT
Opened by Kekw (defty) - Sunday, 22 November 2020, 00:24 GMT
Last edited by Caleb Maclennan (alerque) - Wednesday, 20 September 2023, 06:41 GMT
|
Details
Buffer overflow in the vararg functions in ldo.c in Lua 5.1
through 5.2.x before 5.2.3 allows context-dependent
attackers to cause a denial of service (crash) via a small
number of arguments to a function with a large number of
fixed arguments.
This is patched in Debian and Gentoo. Seems to be unpatched in openSUSE Tumbleweed. Here is the link: https://nvd.nist.gov/vuln/detail/CVE-2014-5461 diff --git a/src/ldo.c b/src/ldo.c index d1bf786..d43f611 100644 --- a/src/ldo.c +++ b/src/ldo.c @@ -217,7 +217,7 @@ static StkId adjust_varargs (lua_State *L, Proto *p, int actual) { int nvar = actual - nfixargs; /* number of extra arguments */ lua_assert(p->is_vararg & VARARG_HASARG); luaC_checkGC(L); - luaD_checkstack(L, p->maxstacksize); + luaD_checkstack(L, p->maxstacksize + p->numparams); htab = luaH_new(L, nvar, 1); /* create `arg' table */ for (i=0; i<nvar; i++) /* put extra arguments into `arg' table */ setobj2n(L, luaH_setnum(L, htab, i+1), L->top - nvar + i); |
This task depends upon
Closed by Caleb Maclennan (alerque)
Wednesday, 20 September 2023, 06:41 GMT
Reason for closing: Fixed
Additional comments about closing: 5.1.5-10 includes this patch
Wednesday, 20 September 2023, 06:41 GMT
Reason for closing: Fixed
Additional comments about closing: 5.1.5-10 includes this patch
Comment by
Buggy McBugFace (bugbot) - Tuesday,
08 August 2023, 19:11 GMT
This is an automated comment as this bug is open for more then 2
years. Please reply if you still experience this bug otherwise
this issue will be closed after 1 month.