CVE-2021-45985: High severity microsoft windows server 2025 vulnerability

Published Apr 10, 2023
·
Updated

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

Other sources

Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read

Microsoft

This CVE was assigned by Mitre. Some Microsoft products consume Lau open-source software. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability.

Microsoft

Affected Software

23 affected componentsFixes available
Microsoft Windows Server 2025
Patch available
Microsoft Windows Server 2025
Patch available
Microsoft CBL Mariner 2.0 x64
Patch availablePatch availablePatch available
Microsoft CBL Mariner 2.0 ARM
Patch availablePatch availablePatch available
Microsoft Windows Server 2022, 23H2 Edition
Patch available
Microsoft Azure Linux 3.0 x64
Patch available
Microsoft Azure Linux 3.0 ARM
Patch available
Lua Lua=5.4.3
Microsoft Windows 11=23H2
Patch available
Microsoft Windows 11=22H2
Patch available
Microsoft Windows 11=22H2
Patch available
Microsoft Windows 11=24H2
Patch available
Microsoft Windows 11=24H2
Patch available
Microsoft Windows 11=23H2
Patch available
Microsoft Windows Server 2022
Patch available
Microsoft Windows Server 2022
Patch available
Microsoft Windows 10=22H2
Patch available
Microsoft Windows 10=22H2
Patch available
Microsoft Windows 10=22H2
Patch available
Microsoft Windows 10=21H2
Patch available
Microsoft Windows 10=21H2
Patch available
Microsoft Windows 10=21H2
Patch available
Lua Lua>=5.4.0<5.4.4

Remediation

Patch Available

https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5

Event History

Apr 10, 2023
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·09:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Apr 14, 2023
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2021-45985?

CVE-2021-45985 is a vulnerability in Lua 5.4.3 that causes an erroneous finalizer to be called during a tail call, leading to a heap-based buffer over-read.

2

What is the severity of CVE-2021-45985?

The severity of CVE-2021-45985 is high, with a severity value of 7.5.

3

How does CVE-2021-45985 impact Lua 5.4.3?

CVE-2021-45985 can cause a heap-based buffer over-read in Lua 5.4.3 due to an erroneous finalizer called during a tail call.

4

How can I fix CVE-2021-45985?

To fix CVE-2021-45985, update Lua to version 5.4.4 or later, which includes a patch for the vulnerability.

5

Where can I find more information about CVE-2021-45985?

You can find more information about CVE-2021-45985 on the Lua mailing list, Lua GitHub repository, and Lua bug tracker.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203