Bug 1194575 - (CVE-2021-44647) VUL-1: CVE-2021-44647: lua54: type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Minor
Assigned To: Matej Cepl
QA Contact: Security Team bot
https://smash.suse.de/issue/320015/
Reported: 2022-01-12 09:25 UTC by Thomas Leroy
Modified: 2022-06-24 12:40 UTC (History)

Found By: Security Response Team


Attachments
crasher (167 bytes, text/x-lua)
2022-01-12 09:25 UTC, Thomas Leroy

Description Thomas Leroy 2022-01-12 09:25:13 UTC
CVE-2021-44647

Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode
function in ldebug.c which can cause a local denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44647
http://www.cvedetails.com/cve/CVE-2021-44647/
http://lua-users.org/lists/lua-l/2021-11/msg00204.html
http://lua-users.org/lists/lua-l/2021-11/msg00195.html
Comment 1 Thomas Leroy 2022-01-12 09:25:49 UTC
Created attachment 855184
crasher
Comment 2 Thomas Leroy 2022-01-12 09:27:52 UTC
Only openSUSE:Factory/lua54 is affected. This version indeed triggers a SEGV with the attached poc.
Comment 3 Matej Cepl 2022-06-24 09:58:57 UTC
Callum, do you have any idea, whether this bug has been fixed by chance by some of your later commits to lua54, please?

Thank you for all your work on maintaining lua in openSUSE, but could I ask that you also check (and mark in the changelog) whether your patches fix any known bug on lua packages, please?

Thank you again for all your effort.
Comment 4 Callum Farmer 2022-06-24 11:13:25 UTC
(In reply to Matej Cepl from comment #3)
> Callum, do you have any idea, whether this bug has been fixed by chance by
> some of your later commits to lua54, please?
> 
> Thank you for all your work on maintaining lua in openSUSE, but could I ask
> that you also check (and mark in the changelog) whether your patches fix any
> known bug on lua packages, please?
> 
> Thank you again for all your effort.

I wasn't CC'ed to this until now and Lua website doesn't tell me. I always do this when I know about it.

(In reply to Thomas Leroy from comment #0)
> CVE-2021-44647
> 
> Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in
> funcnamefromcode
> function in ldebug.c which can cause a local denial of service.

5.4.3 not 5.4.2/5.4.4
The fix was 5.4.3 Patch 9. I'll update changelog.
Comment 5 OBSbugzilla Bot 2022-06-24 12:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1194575) was mentioned in
https://build.opensuse.org/request/show/984874 Factory / lua54