Candidate: CVE-2020-24342
PublicDate: 2020-08-13 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24342
 http://lua-users.org/lists/lua-l/2020-07/msg00052.html
Description:
 Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because
 a protection mechanism wrongly calls luaD_callnoyield twice in a row.
Ubuntu-Description:
Notes:
 mdeslaur> couldn't reproduce on lua earlier than 5.4, and problematic code
 mdeslaur> doesn't seem present. Marking as not-affected.
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_lua50:
upstream_lua50: needs-triage
precise/esm_lua50: DNE
trusty_lua50: ignored (out of standard support)
trusty/esm_lua50: DNE
xenial_lua50: not-affected (code not present)
bionic_lua50: not-affected (code not present)
focal_lua50: not-affected (code not present)
groovy_lua50: not-affected (code not present)
hirsute_lua50: not-affected (code not present)
impish_lua50: not-affected (code not present)
jammy_lua50: DNE
devel_lua50: DNE

Patches_lua5.1:
upstream_lua5.1: needs-triage
precise/esm_lua5.1: not-affected (code not present)
trusty_lua5.1: ignored (out of standard support)
trusty/esm_lua5.1: not-affected (code not present)
xenial_lua5.1: not-affected (code not present)
esm-infra/xenial_lua5.1: not-affected (code not present)
bionic_lua5.1: not-affected (code not present)
focal_lua5.1: not-affected (code not present)
groovy_lua5.1: not-affected (code not present)
hirsute_lua5.1: not-affected (code not present)
impish_lua5.1: not-affected (code not present)
jammy_lua5.1: not-affected (code not present)
devel_lua5.1: not-affected (code not present)

Patches_lua5.2:
upstream_lua5.2: needs-triage
precise/esm_lua5.2: DNE
trusty_lua5.2: ignored (out of standard support)
trusty/esm_lua5.2: not-affected (code not present)
xenial_lua5.2: not-affected (code not present)
esm-infra/xenial_lua5.2: not-affected (code not present)
bionic_lua5.2: not-affected (code not present)
focal_lua5.2: not-affected (code not present)
groovy_lua5.2: not-affected (code not present)
hirsute_lua5.2: not-affected (code not present)
impish_lua5.2: not-affected (code not present)
jammy_lua5.2: not-affected (code not present)
devel_lua5.2: not-affected (code not present)

Patches_lua5.3:
upstream_lua5.3: needs-triage
precise/esm_lua5.3: DNE
trusty_lua5.3: ignored (out of standard support)
trusty/esm_lua5.3: DNE
xenial_lua5.3: not-affected (code not present)
esm-infra/xenial_lua5.3: not-affected (code not present)
bionic_lua5.3: not-affected (code not present)
focal_lua5.3: not-affected (code not present)
groovy_lua5.3: not-affected (code not present)
hirsute_lua5.3: not-affected (code not present)
impish_lua5.3: not-affected (code not present)
jammy_lua5.3: not-affected (code not present)
devel_lua5.3: not-affected (code not present)

Patches_lua5.4:
 upstream: https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27
upstream_lua5.4: needs-triage
precise/esm_lua5.4: DNE
trusty_lua5.4: ignored (out of standard support)
trusty/esm_lua5.4: DNE
xenial_lua5.4: DNE
bionic_lua5.4: DNE
focal_lua5.4: DNE
groovy_lua5.4: ignored (reached end-of-life)
hirsute_lua5.4: not-affected (5.4.1-1)
impish_lua5.4: not-affected (5.4.1-1)
jammy_lua5.4: not-affected (5.4.1-1)
devel_lua5.4: not-affected (5.4.1-1)