CVE-2020-15945
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-15945
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15945.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-15945
- Aliases
- Downstream
- Related
- Published
- 2020-07-24T21:15:34Z
- Modified
- 2025-10-21T05:41:42.007651Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
- References
Affected packages
Git / github.com/lua/lua
Affected ranges
- Type
- GIT
- Repo
- https://github.com/lua/lua
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.2
v2.*
v2.1
v2.2
v2.3-beta
v2.4
v2.4-beta
v2.5
v2.5-beta
v2.5.1
v3.*
v3.0
v3.0-alpha
v3.1
v3.1-alpha
v3.2
v3.2-beta
v4.*
v4.0
v4.0-alpha
v4.0-beta
v4.1-alpha
v5.*
v5.0
v5.0-alpha
v5.0-beta
v5.1
v5.1-alpha
v5.1-beta
v5.1.1
v5.2-alpha
v5.2-beta
v5.2.0
v5.2.1
v5.2.2
v5.3-alpha
v5.3-beta
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.4-alpha
v5.4-beta
v5.4-w2
v5.4.0
Database specific
vanir_signatures
[
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"file": "lstate.c"
},
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-15945-19c6daf9",
"signature_version": "v1",
"digest": {
"line_hashes": [
"287192634004727551527939586181924269932",
"274255088578381943778602658044565137928",
"302130712472896979106335948257183954877",
"312214899722359748752012827686809810105"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"function": "lua_sethook",
"file": "ldebug.c"
},
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-15945-47c36360",
"signature_version": "v1",
"digest": {
"function_hash": "62736101661873712014908231113714947026",
"length": 385.0
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"file": "lstate.h"
},
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-15945-5b967efd",
"signature_version": "v1",
"digest": {
"line_hashes": [
"95429948575861376923991588268707015234",
"273864006021711298157286354081182832124",
"67704214408290045091901196539613708583",
"311697270559889404826088760805203031801",
"36929269663881341534977643666069435582",
"231607116081866341391134113829397259525",
"141542653895552926429558482152744119849",
"323905404835571947602237650310697985964"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"function": "luaV_execute",
"file": "lvm.c"
},
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-15945-5e1e5728",
"signature_version": "v1",
"digest": {
"function_hash": "306508976492688483867018714090201110428",
"length": 15864.0
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"function": "preinit_thread",
"file": "lstate.c"
},
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-15945-965e3f8a",
"signature_version": "v1",
"digest": {
"function_hash": "73228160749920847031617698733708159911",
"length": 429.0
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"file": "ldo.c"
},
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-15945-ae44ab38",
"signature_version": "v1",
"digest": {
"line_hashes": [
"246844241350974247765303425970524980700",
"47851809143420456851929641194009130726",
"61084527410730799872259490356942813921",
"244740145454364051445274161567570188684",
"169960933616533054554593504748967283997",
"207238067517948898418237346196745869579",
"250490646186909752362845643965329409555",
"107123582922510385313572946610566578068",
"174519258625272331544025819313287915673"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"function": "rethook",
"file": "ldo.c"
},
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-15945-beea6195",
"signature_version": "v1",
"digest": {
"function_hash": "123489847259203439377481335534468369504",
"length": 732.0
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"function": "luaG_traceexec",
"file": "ldebug.c"
},
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-15945-d242d89d",
"signature_version": "v1",
"digest": {
"function_hash": "294202383311931165159724760380940233711",
"length": 1177.0
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"file": "ldebug.c"
},
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-15945-defa0c6a",
"signature_version": "v1",
"digest": {
"line_hashes": [
"164996234144512580017478739116976845737",
"117643623070754041812545032044414062455",
"188155607413772914816611264750391157288",
"55047227023161513365280177439093216419",
"174541184384929750357419476106665318513",
"289296978187595691772109228634836685181",
"103413706918097626829061777227705613525",
"39703345779430427769702986375944428705",
"118413824755669859290850840685638792814",
"326105908386207216637035167587097721374",
"253131680156336864839643148664388157824",
"257154967245482473974603034905532593743",
"8866757965152967660475381109002430932",
"283583517597706205043460995415619269999",
"252187278128377095359608730677865696776",
"113592560286193111120549654207022825160",
"306864358839741255107307737154717712309",
"136528560185200778266864045689498551408",
"114069259250585297629443527745879968827",
"256155706389959878623957988551946673458",
"329832938051680175797582163019189067310",
"336001841472458717705245979156270884108",
"179695158233417394524558382259840005928",
"221257756573081795167020732963033694031",
"29080699811238547596693091638563942825",
"129250242227833116354386067425791631450",
"119039124302107785144697284946045946194",
"73403090988095296428900197732391942108",
"133080238017401727040127613538182971170",
"48215149572452346017214009213839261661",
"107794786123033825083228400348781777413",
"72695911509914351619695244957656273762"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3",
"target": {
"file": "lvm.c"
},
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-15945-e0696b47",
"signature_version": "v1",
"digest": {
"line_hashes": [
"2493347623197736049285124519438679755",
"258756140125734514204832612276739303603",
"336906736912328082593578869120484310608",
"116753382556258310902612286018217057081"
],
"threshold": 0.9
}
}
]