CVE-2021-44647: Access of Resource Using Incompatible Type ('Type Confusion')

January 11, 2022 (updated November 7, 2023)

Lua are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

References

lua-users.org/lists/lua-l/2021-11/msg00195.html
lua-users.org/lists/lua-l/2021-11/msg00204.html
nvd.nist.gov/vuln/detail/CVE-2021-44647

Detect and mitigate CVE-2021-44647 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →