1860310 – (CVE-2020-15888) CVE-2020-15888 lua: stack resizes and garbage collection leads to heap-based buffer overflow

Bug 1860310 (CVE-2020-15888) - CVE-2020-15888 lua: stack resizes and garbage collection leads to heap-based buffer overflow

Summary: CVE-2020-15888 lua: stack resizes and garbage collection leads to heap-based ...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-15888
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Florian Festi
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1860312 1861197 1861198 1861199 1861311 1861384 1861385 1910623
Blocks:	1860319
TreeView+	depends on / blocked

Reported:	2020-07-24 09:48 UTC by Dhananjay Arunesh
Modified:	2022-04-17 20:59 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Lua in versions through 5.4.0. The interactions between stack resizes and garbage collections are mishandled leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. The highest threat from this vulnerability is to data confidentiality and integrity as well as data confidentiality.
Clone Of:
Environment:
Last Closed:	2020-07-31 11:59:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2020-07-24 09:48:56 UTC

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.

References:
http://lua-users.org/lists/lua-l/2020-07/msg00053.html
http://lua-users.org/lists/lua-l/2020-07/msg00054.html
http://lua-users.org/lists/lua-l/2020-07/msg00071.html
http://lua-users.org/lists/lua-l/2020-07/msg00079.html
https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5

Comment 1 Dhananjay Arunesh 2020-07-24 09:52:20 UTC

Created lua tracking bugs for this issue:

Affects: fedora-all [bug 1860312]

Comment 12 Vincent Latombe 2020-09-09 08:54:24 UTC

This affects rhel-8 as well. Why was it closed as NOTABUG?

Comment 13 Florian Festi 2020-09-09 14:51:31 UTC

Analysis has shown that the CVE does not actually apply to the code in RHEL8. In case you have a reproducer that "works" on RHEL-8 we are all too willing to re-open this issue.

Note You need to log in before you can comment on or make changes to this bug.