CVE-2014-5461

NONE EPSS 95.5%
Published Sep 4, 2014
Last Modified Jun 17, 2026

Description

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

Threat Intelligence

EPSS Exploit Probability
95.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 16

Vendor      Product        Version   Range
opensuse    opensuse       12.3      any
opensuse    opensuse       13.1      any
canonical   ubuntu_linux   12.04     any
canonical   ubuntu_linux   14.04     any
debian      debian_linux   7.0       any
lua         lua            5.1       any
lua         lua            5.1.1     any
lua         lua            5.1.2     any
lua         lua            5.1.3     any
lua         lua            5.1.4     any
lua         lua            5.1.5     any
lua         lua            5.2.0     any
lua         lua            5.2.1     any
lua         lua            5.2.2     any
mageia      mageia         3.0       any
mageia      mageia         4.0       any

References 16

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0414.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/59890
  • secunia.com http://secunia.com/advisories/60869
  • secunia.com http://secunia.com/advisories/61411
  • debian.org http://www.debian.org/security/2014/dsa-3015
    Third Party Advisory
  • debian.org http://www.debian.org/security/2014/dsa-3016
    Third Party Advisory
  • lua.org http://www.lua.org/bugs.html#5.2.2-1
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:144
    Broken Link
  • openwall.com http://www.openwall.com/lists/oss-security/2014/08/21/1
    Exploit, Mailing List, Patch, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2014/08/21/4
    Exploit, Mailing List, Patch, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2014/08/27/2
    Mailing List, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/69342
    Third Party Advisory, VDB Entry
  • ubuntu.com http://www.ubuntu.com/usn/USN-2338-1
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201701-53
  • security.gentoo.org https://security.gentoo.org/glsa/202305-23

Remediation

  • lua.org http://www.lua.org/bugs.html#5.2.2-1
    Patch, Vendor Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2014/08/21/1
    Exploit, Mailing List, Patch, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2014/08/21/4
    Exploit, Mailing List, Patch, Third Party Advisory