Candidate: CVE-2020-15889
PublicDate: 2020-07-21 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15889
 http://lua-users.org/lists/lua-l/2020-07/msg00078.html
 https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
Description:
 Lua 5.4.0 has a getobjname heap-based buffer over-read because
 youngcollection in lgc.c uses markold for an insufficient number of list
 members.
Ubuntu-Description:
Notes:
 leosilva> bug was introduced in commit f5f3df3bd17fb3489bbd26ab39fe1580a8dbf9c9
 leosilva> which was merged in Lua 5.4
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_lua5.0:
upstream_lua50: released
precise/esm_lua50: DNE
trusty_lua50: ignored (out of standard support)
trusty/esm_lua50: DNE
xenial_lua50: not-affected
bionic_lua50: not-affected
focal_lua50: not-affected
devel_lua50: not-affected

Patches_lua5.1:
upstream_lua5.1: released
precise/esm_lua5.1: not-affected
trusty_lua5.1: ignored (out of standard support)
trusty/esm_lua5.1: not-affected
xenial_lua5.1: not-affected
esm-infra/xenial_lua5.1: not-affected
bionic_lua5.1: not-affected
focal_lua5.1: not-affected
devel_lua5.1: not-affected

Patches_lua5.2:
upstream_lua5.2: released
precise/esm_lua5.2: DNE
trusty_lua5.2: ignored (out of standard support)
trusty/esm_lua5.2: not-affected
xenial_lua5.2: not-affected
esm-infra/xenial_lua5.2: not-affected
bionic_lua5.2: not-affected
focal_lua5.2: not-affected
devel_lua5.2: not-affected

Patches_lua5.3:
upstream_lua5.3: released
precise/esm_lua5.3: DNE
trusty_lua5.3: ignored (out of standard support)
trusty/esm_lua5.3: DNE
xenial_lua5.3: not-affected
esm-infra/xenial_lua5.3: not-affected
bionic_lua5.3: not-affected
focal_lua5.3: not-affected
devel_lua5.3: not-affected

Patches_lua5.4:
upstream_lua5.4: needs-triage
precise/esm_lua5.4: DNE
trusty_lua5.4: ignored (out of standard support)
trusty/esm_lua5.4: DNE
xenial_lua5.4: DNE
bionic_lua5.4: DNE
focal_lua5.4: DNE
devel_lua5.4: not-affected (5.4.0-2)