singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Created lua tracking bugs for this issue:
Affects: fedora-all [bug 2073889]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:2582 https://access.redhat.com/errata/RHSA-2023:2582
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):