CVE-2021-45985

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-45985
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45985.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-45985
Aliases
Downstream
Published
2023-04-10T09:15:07.250Z
Modified
2025-11-20T11:56:53.376601Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

References

Affected packages

Git / github.com/lua/lua

Affected ranges

Type
GIT
Repo
https://github.com/lua/lua
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cf613cdc6fa367257fc61c256f63d917350858b5

Affected versions

v1.*

v1.2

v2.*

v2.1
v2.2
v2.3-beta
v2.4
v2.4-beta
v2.5
v2.5-beta
v2.5.1

v3.*

v3.0
v3.0-alpha
v3.1
v3.1-alpha
v3.2
v3.2-beta

v4.*

v4.0
v4.0-alpha
v4.0-beta
v4.1-alpha

v5.*

v5.0
v5.0-alpha
v5.0-beta
v5.1
v5.1-alpha
v5.1-beta
v5.1.1
v5.2-alpha
v5.2-beta
v5.2.0
v5.2.1
v5.2.2
v5.3-alpha
v5.3-beta
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.4-alpha
v5.4-beta
v5.4-w2
v5.4.0
v5.4.1
v5.4.2
v5.4.3

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5",
        "deprecated": false,
        "target": {
            "file": "ldo.c"
        },
        "id": "CVE-2021-45985-607c555b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "33833490466441759291322153683438719705",
                "84369104082086107190645463707502174029",
                "295511310105421369746384700970995315737",
                "12203473177769128110561359607199773707",
                "315007898064505767868322756796827846696",
                "278707840460729215257930947771055151307",
                "289853073820757707898851752461450092833",
                "79699182784658544092265369729132165017"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5",
        "deprecated": false,
        "target": {
            "file": "ldo.c",
            "function": "luaD_pretailcall"
        },
        "id": "CVE-2021-45985-fe306226",
        "digest": {
            "function_hash": "74565152130787818120172892330726743781",
            "length": 1036.0
        },
        "signature_type": "Function"
    }
]