CVE-2020-15888 : Lua through 5.4.0 mishandles the interaction between stack resizes and garbage c

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.

Published 2020-07-21 22:15:12

Updated 2023-05-16 22:31:06

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Products affected by CVE-2020-15888

LUA » LUA » Version: 5.4.0
cpe:2.3:a:lua:lua:5.4.0:-:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-15888

Top countries where our scanners detected CVE-2020-15888

Top open port discovered on systems with this issue 80

IPs affected by CVE-2020-15888 2

Find out if you^* are affected by CVE-2020-15888!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-15888

EPSS FAQ

1.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-15888

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-15888

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-15888

http://lua-users.org/lists/lua-l/2020-07/msg00054.html

Heap overflow in luaT_adjustvarargs
Exploit;Mailing List;Third Party Advisory
http://lua-users.org/lists/lua-l/2020-07/msg00079.html

heap-buffer-overflow in luaD_pretailcall
Exploit;Mailing List;Third Party Advisory
https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7

Keep minimum size when shrinking a stack · lua/lua@6298903 · GitHub
Patch;Third Party Advisory
http://lua-users.org/lists/lua-l/2020-07/msg00071.html

Heap overflow in luaH_get
Exploit;Mailing List;Third Party Advisory
https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5

Fixed bugs of stack reallocation x GC · lua/lua@eb41999 · GitHub
Patch;Third Party Advisory
http://lua-users.org/lists/lua-l/2020-07/msg00053.html

Heap use after free in luaD_call
Exploit;Mailing List;Third Party Advisory