Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#68703 - [lua51] CVE-2014-5461
Attached to Project:
Arch Linux
Opened by Kekw (defty) - Sunday, 22 November 2020, 00:24 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 21 April 2021, 11:23 GMT
Opened by Kekw (defty) - Sunday, 22 November 2020, 00:24 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 21 April 2021, 11:23 GMT
|
DetailsBuffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
This is patched in Debian and Gentoo. Seems to be unpatched in openSUSE Tumbleweed. Here is the link: https://nvd.nist.gov/vuln/detail/CVE-2014-5461 diff --git a/src/ldo.c b/src/ldo.c index d1bf786..d43f611 100644 --- a/src/ldo.c +++ b/src/ldo.c @@ -217,7 +217,7 @@ static StkId adjust_varargs (lua_State *L, Proto *p, int actual) { int nvar = actual - nfixargs; /* number of extra arguments */ lua_assert(p->is_vararg & VARARG_HASARG); luaC_checkGC(L); - luaD_checkstack(L, p->maxstacksize); + luaD_checkstack(L, p->maxstacksize + p->numparams); htab = luaH_new(L, nvar, 1); /* create `arg' table */ for (i=0; i<nvar; i++) /* put extra arguments into `arg' table */ setobj2n(L, luaH_setnum(L, htab, i+1), L->top - nvar + i); |
This task depends upon