Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#68703 - [lua51] CVE-2014-5461

Attached to Project: Arch Linux
Opened by Kekw (defty) - Sunday, 22 November 2020, 00:24 GMT
Task Type Bug Report
Category Packages: Extra
Status Unconfirmed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

This is patched in Debian and Gentoo. Seems to be unpatched in openSUSE Tumbleweed.

Here is the link: https://nvd.nist.gov/vuln/detail/CVE-2014-5461

diff --git a/src/ldo.c b/src/ldo.c
index d1bf786..d43f611 100644
--- a/src/ldo.c
+++ b/src/ldo.c
@@ -217,7 +217,7 @@ static StkId adjust_varargs (lua_State *L, Proto *p, int actual) {
int nvar = actual - nfixargs; /* number of extra arguments */
lua_assert(p->is_vararg & VARARG_HASARG);
luaC_checkGC(L);
- luaD_checkstack(L, p->maxstacksize);
+ luaD_checkstack(L, p->maxstacksize + p->numparams);
htab = luaH_new(L, nvar, 1); /* create `arg' table */
for (i=0; i<nvar; i++) /* put extra arguments into `arg' table */
setobj2n(L, luaH_setnum(L, htab, i+1), L->top - nvar + i);
This task depends upon

Loading...