singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

https://lua-users.org/lists/lua-l/2022-02/msg00001.html
https://lua-users.org/lists/lua-l/2022-02/msg00070.html
https://lua-users.org/lists/lua-l/2022-04/msg00009.html
https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
Created lua tracking bugs for this issue: Affects: fedora-all [bug 2073889]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2582 https://access.redhat.com/errata/RHSA-2023:2582
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-28805