CVE-2021-44964 - OpenCVE

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lua	Lua
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
lua-0:5.4.4-2.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:0957	2023-02-28T00:00:00Z
lua-0:5.4.4-2.el9_1	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:0957	2023-02-28T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
lua-0:5.4.4-1.el9_0.1	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:1211	2023-03-14T00:00:00Z

References

Link	Providers
http://lua-users.org/lists/lua-l/2021-11/msg00186.html
http://lua-users.org/lists/lua-l/2021-12/msg00007.html
http://lua-users.org/lists/lua-l/2021-12/msg00015.html
http://lua-users.org/lists/lua-l/2021-12/msg00030.html
https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2021-44964
https://www.cve.org/CVERecord?id=CVE-2021-44964
https://www.lua.org/bugs.html#5.4.4-1

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-14T14:24:51

Updated: 2024-08-04T04:32:13.466Z

Reserved: 2021-12-13T00:00:00

Link: CVE-2021-44964

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-14T15:15:09.373

Modified: 2022-03-21T05:17:19.807

Link: CVE-2021-44964

Redhat

Severity : Important

Publid Date: 2021-11-29T00:00:00Z

Links: CVE-2021-44964 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-14T14:24:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html"}, {"tags": ["x_refsource_MISC"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html"}, {"tags": ["x_refsource_MISC"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html"}, {"tags": ["x_refsource_MISC"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html", "refsource": "MISC", "url": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html"}, {"name": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html", "refsource": "MISC", "url": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html"}, {"name": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html", "refsource": "MISC", "url": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html"}, {"name": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html", "refsource": "MISC", "url": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html"}, {"name": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability", "refsource": "MISC", "url": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:32:13.466Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44964", "datePublished": "2022-03-14T14:24:51", "dateReserved": "2021-12-13T00:00:00", "dateUpdated": "2024-08-04T04:32:13.466Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*", "matchCriteriaId": "36E29101-6009-4A41-AF33-FDD5EA753F91", "versionEndIncluding": "5.4.3", "versionStartIncluding": "5.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file."}, {"lang": "es", "value": "Un uso de memoria previamente liberada en el recolector de basura y en el finalizador de lgc.c en el int\u00e9rprete de Lua versiones 5.4.0~5.4.3, permite a atacantes llevar a cabo un Escape del Sandbox por medio de un archivo de script dise\u00f1ado"}], "id": "CVE-2021-44964", "lastModified": "2022-03-21T05:17:19.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-14T15:15:09.373", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Technical Description", "Vendor Advisory"], "url": "http://lua-users.org/lists/lua-l/2021-11/msg00186.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00015.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://lua-users.org/lists/lua-l/2021-12/msg00030.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0957", "cpe": "cpe:/a:redhat:enterprise_linux:9", "impact": "moderate", "package": "lua-0:5.4.4-2.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:0957", "cpe": "cpe:/o:redhat:enterprise_linux:9", "impact": "moderate", "package": "lua-0:5.4.4-2.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:1211", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "lua-0:5.4.4-1.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-03-14T00:00:00Z"}], "bugzilla": {"description": "lua: use after free allows Sandbox Escape", "id": "2064772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064772"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script executed by the interpreter, to cause a use-after-free issue that may result in a sandbox escape."], "mitigation": {"lang": "en:us", "value": "Ensure that the Lua interpreter runs only trusted scripts."}, "name": "CVE-2021-44964", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "lua", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "lua", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libreoffice:flatpak/lua", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "lua", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "lua", "product_name": "Red Hat JBoss Core Services"}], "public_date": "2021-11-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-44964\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44964\nhttp://lua-users.org/lists/lua-l/2021-12/msg00007.html\nhttps://www.lua.org/bugs.html#5.4.4-1"], "statement": "This flaw does not affect versions of Lua shipped with Red Hat Enterprise Linux 6, 7, or 8; the vulnerable code was introduced in a subsequent version of Lua.", "threat_severity": "Important", "upstream_fix": "lua 5.4.4"}