ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"vendor_product": "debian:debian_linux",
"extracted_events": [
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"
],
"vendor_product": "fedoraproject:fedora",
"extracted_events": [
{
"introduced": "31"
},
{
"last_affected": "31"
},
{
"introduced": "32"
},
{
"last_affected": "32"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:a:lua:lua:5.2.0:alpha:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.2.0:beta:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.3.0:alpha:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.3.0:beta:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.4.0:alpha:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.4.0:beta:*:*:*:*:*:*"
],
"vendor_product": "lua:lua",
"extracted_events": [
{
"introduced": "5.2.0-alpha"
},
{
"last_affected": "5.2.0-alpha"
},
{
"introduced": "5.2.0-beta"
},
{
"last_affected": "5.2.0-beta"
},
{
"introduced": "5.3.0-alpha"
},
{
"last_affected": "5.3.0-alpha"
},
{
"introduced": "5.3.0-beta"
},
{
"last_affected": "5.3.0-beta"
},
{
"introduced": "5.4.0-alpha"
},
{
"last_affected": "5.4.0-alpha"
},
{
"introduced": "5.4.0-beta"
},
{
"last_affected": "5.4.0-beta"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": [
"cpe:2.3:a:lua:lua:5.2.0:-:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.3.0:-:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:lua:lua:5.4.0:-:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "5.2.0-NA"
},
{
"last_affected": "5.2.0-NA"
},
{
"introduced": "5.2.1"
},
{
"last_affected": "5.2.1"
},
{
"introduced": "5.2.2"
},
{
"last_affected": "5.2.2"
},
{
"introduced": "5.2.3"
},
{
"last_affected": "5.2.3"
},
{
"introduced": "5.3.0-NA"
},
{
"last_affected": "5.3.0-NA"
},
{
"introduced": "5.3.1"
},
{
"last_affected": "5.3.1"
},
{
"introduced": "5.3.2"
},
{
"last_affected": "5.3.2"
},
{
"introduced": "5.3.3"
},
{
"last_affected": "5.3.3"
},
{
"introduced": "5.3.4"
},
{
"last_affected": "5.3.4"
},
{
"introduced": "5.3.5"
},
{
"last_affected": "5.3.5"
},
{
"introduced": "5.4.0-NA"
},
{
"last_affected": "5.4.0-NA"
}
],
"source": [
"CPE_STRING",
"REFERENCES"
]
}[
{
"digest": {
"function_hash": "160457310741932794514906761248697216809",
"length": 606.0
},
"target": {
"function": "luaG_findlocal",
"file": "ldebug.c"
},
"id": "CVE-2020-24370-3408fa99",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b",
"deprecated": false
},
{
"digest": {
"function_hash": "176948320927037737175998274991413929359",
"length": 298.0
},
"target": {
"function": "findvararg",
"file": "ldebug.c"
},
"id": "CVE-2020-24370-a6e6ec70",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"308106254715576835832771124558186333737",
"28150857163617153757180128882987340278",
"67856167705625202229537381893379792047",
"118168772934001778875555195425693302437",
"316101619877408557194703765822106706457",
"103962487352111355186447672861982043630",
"180146486087139942444320654781720975268",
"293123111573401127190810486268369394313",
"110117011450095061191785096815592359580"
]
},
"target": {
"file": "ldebug.c"
},
"id": "CVE-2020-24370-caf2fa2e",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24370.json"
"2026-07-08T19:02:33Z"