Vulnerability Details : CVE-2014-5461
Potential exploit
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2014-5461
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:lua:lua:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
Threat overview for CVE-2014-5461
Top countries where our scanners detected CVE-2014-5461
Top open port discovered on systems with this issue
9080
IPs affected by CVE-2014-5461 211
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-5461!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-5461
22.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-5461
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-5461
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5461
-
http://www.ubuntu.com/usn/USN-2338-1
USN-2338-1: Lua vulnerability | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html
openSUSE-SU-2014:1145-1: moderate: luaThird Party Advisory
-
http://advisories.mageia.org/MGASA-2014-0414.html
Mageia Advisory: MGASA-2014-0414 - Updated lua and lua5.1 packages fix security vulnerabilityThird Party Advisory
-
https://security.gentoo.org/glsa/202305-23
Lua: Multiple Vulnerabilities (GLSA 202305-23) — Gentoo security
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:144
mandriva.comBroken Link
-
http://www.openwall.com/lists/oss-security/2014/08/27/2
oss-security - Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]Mailing List;Third Party Advisory
-
http://secunia.com/advisories/61411
Sign in
-
http://www.openwall.com/lists/oss-security/2014/08/21/1
oss-security - CVE request: possible overflow in vararg functionsExploit;Mailing List;Patch;Third Party Advisory
-
http://secunia.com/advisories/60869
Sign in
-
http://secunia.com/advisories/59890
Sign in
-
http://www.securityfocus.com/bid/69342
Lua 'ldo.c' Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2014/dsa-3015
Debian -- Security Information -- DSA-3015-1 lua5.1Third Party Advisory
-
http://www.lua.org/bugs.html#5.2.2-1
Lua: bugsPatch;Vendor Advisory
-
https://security.gentoo.org/glsa/201701-53
Lua: Buffer overflow (GLSA 201701-53) — Gentoo security
-
http://www.debian.org/security/2014/dsa-3016
Debian -- Security Information -- DSA-3016-1 lua5.2Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2014/08/21/4
oss-security - Re: CVE request: possible overflow in vararg functionsExploit;Mailing List;Patch;Third Party Advisory
Jump to