CVE-2020-24370

Published: Aug 17, 2020Modified: May 5, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

Affected (20)

Products: Lua: Lua · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Lua Lua	Version 5.2.0
Lua Lua	Version 5.2.0 alpha
Lua Lua	Version 5.2.0 beta
Lua Lua	Version 5.2.1
Lua Lua	Version 5.2.2
Lua Lua	Version 5.2.3
Lua Lua	Version 5.3.0
Lua Lua	Version 5.3.0 alpha
Lua Lua	Version 5.3.0 beta
Lua Lua	Version 5.3.1
Lua Lua	Version 5.3.2
Lua Lua	Version 5.3.3
Lua Lua	Version 5.3.4
Lua Lua	Version 5.3.5
Lua Lua	Version 5.4.0
Lua Lua	Version 5.4.0 alpha
Lua Lua	Version 5.4.0 beta

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (12)

http://lua-users.org/lists/lua-l/2020-07/msg00324.html

Source: cve@mitre.org

ExploitMailing ListVendor Advisory

https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html

Source: cve@mitre.org

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/

Source: cve@mitre.org

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/

Source: cve@mitre.org

Third Party Advisory

http://lua-users.org/lists/lua-l/2020-07/msg00324.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListVendor Advisory

https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.