CVE-2020-24371

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-24371
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24371.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24371
Aliases
Downstream
Related
Published
2020-08-17T17:15:13Z
Modified
2025-10-21T05:47:07.663662Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.

References

Affected packages

Git / github.com/lua/lua

Affected ranges

Type
GIT
Repo
https://github.com/lua/lua
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a6da1472c0c5e05ff249325f979531ad51533110

Affected versions

v1.*

v1.2

v2.*

v2.1
v2.2
v2.3-beta
v2.4
v2.4-beta
v2.5
v2.5-beta
v2.5.1

v3.*

v3.0
v3.0-alpha
v3.1
v3.1-alpha
v3.2
v3.2-beta

v4.*

v4.0
v4.0-alpha
v4.0-beta
v4.1-alpha

v5.*

v5.0
v5.0-alpha
v5.0-beta
v5.1
v5.1-alpha
v5.1-beta
v5.1.1
v5.2-alpha
v5.2-beta
v5.2.0
v5.2.1
v5.2.2
v5.3-alpha
v5.3-beta
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.4-alpha
v5.4-beta
v5.4-w2
v5.4.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
        "target": {
            "function": "remarkupvals",
            "file": "lgc.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-24371-3ad77f13",
        "signature_version": "v1",
        "digest": {
            "function_hash": "230888440196023068660042484403295836192",
            "length": 491.0
        }
    },
    {
        "source": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
        "target": {
            "function": "atomic2gen",
            "file": "lgc.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-24371-717ce452",
        "signature_version": "v1",
        "digest": {
            "function_hash": "148649635605489108398390794752528839496",
            "length": 463.0
        }
    },
    {
        "source": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
        "target": {
            "function": "luaC_barrier_",
            "file": "lgc.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-24371-b816129f",
        "signature_version": "v1",
        "digest": {
            "function_hash": "73126039911420152274233437857816255771",
            "length": 438.0
        }
    },
    {
        "source": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
        "target": {
            "function": "youngcollection",
            "file": "lgc.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-24371-ed9eccc8",
        "signature_version": "v1",
        "digest": {
            "function_hash": "62293687244825559462354794285034139876",
            "length": 820.0
        }
    },
    {
        "source": "https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110",
        "target": {
            "file": "lgc.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2020-24371-f2e531cd",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "247043816592523228306167864313656777148",
                "128022539470724253876190143736616008833",
                "277784156431681346734209104841665649763",
                "293610384820954965735016816188173325444",
                "180122197416099943960443147549862980667",
                "146946380213547060947882303726874734793",
                "117165732476182395299500896645280365288",
                "188730725681045488505131978435297376627",
                "269972676927384416685274953499422962496",
                "218390374446829489799854226723855946150",
                "63801094826520712061319164997725480474",
                "12340125685636578054225060909693252412",
                "263165008466768107267534801681210705820",
                "324223054354298017487335419729354385561",
                "281694410998367628274707905667833317721",
                "90661529539236227515015123442963964233",
                "331768705513796519620639853311959911390",
                "61153750338018608563606415716016360437",
                "316178962228218637641645618391086218149",
                "29169271078618445766426752526479696958",
                "274141475334442822849514259158662979723",
                "315602760525419211381069342473058358726",
                "124356748170853152830734215933560967725",
                "298493242176478445102444444559732226850",
                "42742995477068854504560106584943118884",
                "332334190360064138671157402824931776680",
                "79662100093156639030414633139045847225",
                "42949527436635597150540362450550434437",
                "194541665703311230294064044909546994559",
                "4436196464461007259879259789700659912",
                "62075780827700133745497836683468249733",
                "86267174718487447218983876365871746188",
                "62160341757005522749984961342269236912",
                "182797068030575012903286821449990934710",
                "337715759172909069055848498856358582938",
                "288235394316488958967272638655547118720",
                "34516602568621660371087614665292278998",
                "299813941888886661147148464353338899467"
            ],
            "threshold": 0.9
        }
    }
]