CVE-2020-15888
HIGH EPSS 82.3%
Published Jul 21, 20205y ago · Modified Jun 17, 20262w ago
8.8 CVSS 3.1
Published Jul 21, 2020 5y ago
Last Modified Jun 17, 2026 2w ago
Description
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
82.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 3
CWE-125 Out-of-bounds Read Memory Safety
CWE-416 Use After Free Memory Safety
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| lua | lua | 5.4.0 | any |
References 6
- lua-users.org http://lua-users.org/lists/lua-l/2020-07/msg00053.html
- lua-users.org http://lua-users.org/lists/lua-l/2020-07/msg00054.html
- lua-users.org http://lua-users.org/lists/lua-l/2020-07/msg00071.html
- lua-users.org http://lua-users.org/lists/lua-l/2020-07/msg00079.html
- github.com https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
- github.com https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
Remediation
- github.com https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
- github.com https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5