Bug 1201146 (CVE-2022-33099) - VUL-0: CVE-2022-33099: lua54,lua53,lua51,lua: heap buffer overflow due to uncontrolled recursion in error handling
Summary: VUL-0: CVE-2022-33099: lua54,lua53,lua51,lua: heap buffer overflow due to unc...
Status: IN_PROGRESS
Alias: CVE-2022-33099
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P3 - Medium : Minor (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/336077/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-33099:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-04 09:52 UTC by Carlos López
Modified: 2023-04-06 10:25 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Carlos López 2022-07-04 09:53:42 UTC 
This was introduced in Lua 5.4.2, so only openSUSE:Factory/lua54 is affected.
Comment 3 Callum Farmer 2022-07-04 10:58:12 UTC 
Lua 5.4.4 Patch 4
Comment 4 Callum Farmer 2022-07-04 11:00:08 UTC 
(In reply to Callum Farmer from comment #3)
> Lua 5.4.4 Patch 4

Completed on Jun  4 2022
.changes will be updated
Comment 5 Callum Farmer 2022-07-04 12:16:39 UTC 
in Factory
Comment 6 OBSbugzilla Bot 2022-07-04 12:40:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1201146) was mentioned in
https://build.opensuse.org/request/show/986624 Factory / lua54