CVE-2021-44647: Medium severity lua lpeg vulnerability
Published Jan 11, 2022
·Updated
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Affected Software
2 affected components
Lua LPeg=5.4.3
fedoraproject fedora=34
Remediation
Patch Available
Event History
Jan 11, 2022
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Frequently Asked Questions
1
What is CVE-2021-44647?
CVE-2021-44647 is a vulnerability in Lua v5.4.3 and above that can cause a local denial of service due to a type confusion in the funcnamefromcode function in ldebug.c.
2
How does CVE-2021-44647 affect Lua?
CVE-2021-44647 affects Lua v5.4.3 and above, potentially leading to a local denial of service.
3
What is the severity of CVE-2021-44647?
The severity of CVE-2021-44647 is medium, with a severity value of 5.5.
4
How can I fix CVE-2021-44647?
To fix CVE-2021-44647, update to a version of Lua that addresses the vulnerability.
5
Where can I find more information about CVE-2021-44647?
You can find more information about CVE-2021-44647 on the Lua mailing list and the Red Hat CVE database.