Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-402
HistorySep 17, 2014 - 9:44 p.m.

Medium: lua

2014-09-1721:44:00
alas.aws.amazon.com
18

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.003

Percentile

69.9%

JSON

Issue Overview:

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

Affected Packages:

lua

Issue Correction:
Run yum update lua to update your system.

New Packages:

i686:  
    lua-5.1.4-4.1.9.amzn1.i686  
    lua-devel-5.1.4-4.1.9.amzn1.i686  
    lua-debuginfo-5.1.4-4.1.9.amzn1.i686  
    lua-static-5.1.4-4.1.9.amzn1.i686  
  
src:  
    lua-5.1.4-4.1.9.amzn1.src  
  
x86_64:  
    lua-devel-5.1.4-4.1.9.amzn1.x86_64  
    lua-debuginfo-5.1.4-4.1.9.amzn1.x86_64  
    lua-static-5.1.4-4.1.9.amzn1.x86_64  
    lua-5.1.4-4.1.9.amzn1.x86_64

Additional References

Red Hat: CVE-2014-5461

Mitre: CVE-2014-5461

Related

nessus 18
nvd 1
cvelist 1
openvas 14
ubuntu 1
gentoo 2
osv 3
cve 1
debian 3
securityvulns 2
prion 1
mageia 2
debiancve 1
ubuntucve 1
nessus
nessus
Oracle Solaris Third-Party Patch Update : lua (cve_2014_5461_buffer_errors)
2015-01-19 00:00:00
Debian DSA-3015-1 : lua5.1 - security update
2014-09-02 00:00:00
EulerOS 2.0 SP3 : lua (EulerOS-SA-2019-2629)
2019-12-18 00:00:00
nvd
nvd
CVE-2014-5461
2014-09-04 17:55:07
cvelist
cvelist
CVE-2014-5461
2014-09-04 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-402)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2014-0414)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2020-1477)
2020-04-16 00:00:00
ubuntu
ubuntu
Lua vulnerability
2014-09-03 00:00:00
gentoo
gentoo
Lua: Buffer overflow
2017-01-23 00:00:00
Lua: Multiple Vulnerabilities
2023-05-03 00:00:00
osv
osv
lua5.2 - security update
2014-09-01 00:00:00
lua5.1 - security update
2014-09-01 00:00:00
lua5.1 - security update
2014-09-05 00:00:00
cve
cve
CVE-2014-5461
2014-09-04 17:55:07
debian
debian
[SECURITY] [DLA 47-1] lua5.1 security update
2014-09-05 16:01:46
[SECURITY] [DSA 3015-1] lua5.1 security update
2014-09-01 19:02:43
[SECURITY] [DSA 3016-1] lua5.2 security update
2014-09-01 19:08:17
securityvulns
securityvulns
Lua buffer overflow
2014-09-03 00:00:00
[SECURITY] [DSA 3016-1] lua5.2 security update
2014-09-03 00:00:00
prion
prion
Buffer overflow
2014-09-04 17:55:00
mageia
mageia
Updated lua and lua5.1 packages fix security vulnerability
2014-10-23 17:27:57
Updated freeciv packages fix a security vulnerability
2015-01-21 20:15:23
debiancve
debiancve
CVE-2014-5461
2014-09-04 17:55:07
ubuntucve
ubuntucve
CVE-2014-5461
2014-08-28 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.003

Percentile

69.9%

JSON
Related for ALAS-2014-402
nessus18nvd1cvelist1openvas14ubuntu1gentoo2osv3cve1debian3securityvulns2prion1mageia2debiancve1ubuntucve1