CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.4%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 4.3

References

http://lua-users.org/lists/lua-l/2021-11/msg00186.html
http://lua-users.org/lists/lua-l/2021-12/msg00007.html
http://lua-users.org/lists/lua-l/2021-12/msg00015.html
http://lua-users.org/lists/lua-l/2021-12/msg00030.html
https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability
http://lua-users.org/lists/lua-l/2021-11/msg00186.html
http://lua-users.org/lists/lua-l/2021-12/msg00007.html
http://lua-users.org/lists/lua-l/2021-12/msg00015.html
http://lua-users.org/lists/lua-l/2021-12/msg00030.html
https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability

Products affected by CVE-2021-44964

Lua » Lua » Version: 5.4.0

cpe:2.3:a:lua:lua:5.4.0
Lua » Lua » Version: 5.4.1

cpe:2.3:a:lua:lua:5.4.1
Lua » Lua » Version: 5.4.2

cpe:2.3:a:lua:lua:5.4.2
Lua » Lua » Version: 5.4.3

cpe:2.3:a:lua:lua:5.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-44964

Products

Pricing

Contact Us