CVE-2021-45985: Out-of-bounds Write

April 10, 2023 (updated April 14, 2023)

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

References

lua-users.org/lists/lua-l/2021-12/msg00019.html
github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5
nvd.nist.gov/vuln/detail/CVE-2021-45985
www.lua.org/bugs.html

Detect and mitigate CVE-2021-45985 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →