CVE-2025-26204: Lua lpeg vulnerability

Published Mar 9, 2025

Updated

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Affected Software

1 affected component

Lua LPeg

Event History

Mar 9, 2025

CVE Published

via MITRE·12:00 AM

Rejected

via MITRE·12:00 AM

Data Sourced

via NVD·09:15 PM

Description

Rejected

via MITRE·09:15 PM

Frequently Asked Questions

What is the severity of CVE-2025-26204?

CVE-2025-26204 is considered a high severity vulnerability due to its potential to cause out-of-bounds read and segmentation violations.

How do I fix CVE-2025-26204?

To mitigate CVE-2025-26204, upgrade to Lua version 5.4.8 or later where this issue has been addressed.

What versions of Lua are affected by CVE-2025-26204?

CVE-2025-26204 affects Lua versions prior to 5.4.8.

What components of Lua are impacted by CVE-2025-26204?

CVE-2025-26204 impacts the debug library functionality within Lua.

Is there a workaround for CVE-2025-26204 until a patch is applied?

Disabling the use of the debug library can serve as a temporary workaround for CVE-2025-26204.

CVE-2025-26204: Lua lpeg vulnerability

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-26204?

How do I fix CVE-2025-26204?

What versions of Lua are affected by CVE-2025-26204?

What components of Lua are impacted by CVE-2025-26204?

Is there a workaround for CVE-2025-26204 until a patch is applied?

Company

Resources

Contact