CVE-2014-5461 - OpenCVE

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Lua	Lua
Mageia	Mageia
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:lua:lua:5.1:::::::*
	cpe:2.3:a:lua:lua:5.1.1:::::::*
	cpe:2.3:a:lua:lua:5.1.2:::::::*
	cpe:2.3:a:lua:lua:5.1.3:::::::*
	cpe:2.3:a:lua:lua:5.1.4:::::::*
	cpe:2.3:a:lua:lua:5.1.5:::::::*
	cpe:2.3:a:lua:lua:5.2.0:::::::*
	cpe:2.3:a:lua:lua:5.2.1:::::::*
	cpe:2.3:a:lua:lua:5.2.2:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:mageia:mageia:3.0:::::::*
	cpe:2.3:o:mageia:mageia:4.0:::::::*

No data.

References

Link	Providers
http://advisories.mageia.org/MGASA-2014-0414.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html
http://secunia.com/advisories/59890
http://secunia.com/advisories/60869
http://secunia.com/advisories/61411
http://www.debian.org/security/2014/dsa-3015
http://www.debian.org/security/2014/dsa-3016
http://www.lua.org/bugs.html#5.2.2-1
http://www.mandriva.com/security/advisories?name=MDVSA-2015:144
http://www.openwall.com/lists/oss-security/2014/08/21/1
http://www.openwall.com/lists/oss-security/2014/08/21/4
http://www.openwall.com/lists/oss-security/2014/08/27/2
http://www.securityfocus.com/bid/69342
http://www.ubuntu.com/usn/USN-2338-1
https://nvd.nist.gov/vuln/detail/CVE-2014-5461
https://security.gentoo.org/glsa/201701-53
https://security.gentoo.org/glsa/202305-23
https://www.cve.org/CVERecord?id=CVE-2014-5461

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-09-04T00:00:00

Updated: 2024-08-06T11:48:49.016Z

Reserved: 2014-08-26T00:00:00

Link: CVE-2014-5461

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-09-04T17:55:07.763

Modified: 2023-05-03T12:15:13.397

Link: CVE-2014-5461

Redhat

Severity : Moderate

Publid Date: 2013-04-17T00:00:00Z

Links: CVE-2014-5461 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object