Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
Created lua tracking bugs for this issue:
Affects: fedora-all [bug 1860317]
The affected code was introduced via https://github.com/lua/lua/commit/f5f3df3bd17fb3489bbd26ab39fe1580a8dbf9c9 which is part of lua-5.4. Therefore versions of lua package shipped with Red Hat products is not affected by this flaw.