CVE-2020-15889

Out-of-bounds Read in conan/lua

Identifiers

CVE-2020-15889

Package Slug

conan/lua

Vulnerability

Out-of-bounds Read

Description

Lua's getobjname suffers from a heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.

Affected Versions

Version 5.4.0

Solution

Upgrade to version 5.4.1 or above.

Last Modified

2020-07-27

source