system/lua5.3: CVE-2020-24370: negation overflow in getlocal()
Bugzilla ID | 350 |
Alias(es) | CVE-2020-24370 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-09-04 16:30:04 -0500 |
Modified | 2020-09-22 22:30:26 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | system/lua5.3 |
URL | https://nvd.nist.gov/vuln/detail/CVE-2020-24370 |
Description
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation
fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Unreleased fix https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b