Bug 1194575 (CVE-2021-44647) - VUL-1: CVE-2021-44647: lua54: type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Summary: VUL-1: CVE-2021-44647: lua54: type confusion in funcnamefromcode function in ...
Status: RESOLVED FIXED
Alias: CVE-2021-44647
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/320015/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-12 09:25 UTC by Thomas Leroy
Modified: 2024-06-07 13:46 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
crasher (167 bytes, text/x-lua)
2022-01-12 09:25 UTC, Thomas Leroy 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2022-01-12 09:25:13 UTC 
CVE-2021-44647

Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode
function in ldebug.c which can cause a local denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44647
http://www.cvedetails.com/cve/CVE-2021-44647/
http://lua-users.org/lists/lua-l/2021-11/msg00204.html
http://lua-users.org/lists/lua-l/2021-11/msg00195.html
Comment 1 Thomas Leroy 2022-01-12 09:25:49 UTC 
Created attachment 855184 [details]
crasher
Comment 2 Thomas Leroy 2022-01-12 09:27:52 UTC 
Only openSUSE:Factory/lua54 is affected. This version indeed triggers a SEGV with the attached poc.
Comment 3 Matej Cepl 2022-06-24 09:58:57 UTC 
Callum, do you have any idea, whether this bug has been fixed by chance by some of your later commits to lua54, please?

Thank you for all your work on maintaining lua in openSUSE, but could I ask that you also check (and mark in the changelog) whether your patches fix any known bug on lua packages, please?

Thank you again for all your effort.
Comment 4 Callum Farmer 2022-06-24 11:13:25 UTC 
(In reply to Matej Cepl from comment #3)
> Callum, do you have any idea, whether this bug has been fixed by chance by
> some of your later commits to lua54, please?
> 
> Thank you for all your work on maintaining lua in openSUSE, but could I ask
> that you also check (and mark in the changelog) whether your patches fix any
> known bug on lua packages, please?
> 
> Thank you again for all your effort.

I wasn't CC'ed to this until now and Lua website doesn't tell me. I always do this when I know about it.

(In reply to Thomas Leroy from comment #0)
> CVE-2021-44647
> 
> Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in
> funcnamefromcode
> function in ldebug.c which can cause a local denial of service.

5.4.3 not 5.4.2/5.4.4
The fix was 5.4.3 Patch 9. I'll update changelog.
Comment 5 OBSbugzilla Bot 2022-06-24 12:40:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1194575) was mentioned in
https://build.opensuse.org/request/show/984874 Factory / lua54
Comment 8 Gabriele Sonnu 2024-06-07 13:46:54 UTC 
All done, closing.