CVE-2021-43519

Description

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

How to fix CVE-2021-43519

To remediate CVE-2021-43519, upgrade the affected package to a fixed version below.

• Bitnami/lua—upgrade to 5.3.5 or later
• Debian/lua5.4—no fix listed

Is CVE-2021-43519 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• >= 5.1.0, < 5.3.5, >= 5.4.0, < 5.4.4
• from 0

CVSS scores

References (6)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-43519
• WEBlua-users.org/lists/lua-l/2021-10/msg00123.html
• WEBlua-users.org/lists/lua-l/2021-11/msg00015.html
• WEBlists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7XHFYHGSZKL53VCLSJSAJ6VMFGAIXKO/