List:       oss-security
Subject:    [oss-security] Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]
From:       cve-assign () mitre ! org
Date:       2014-08-27 5:20:39
Message-ID: 20140827052039.1C49D1F050D () smtpksrv1 ! mitre ! org

> http://www.lua.org/bugs.html#5.2.2-1
> Stack overflow in vararg functions with many fixed parameters called with few arguments.

Use CVE-2014-5461.


> Lua has some sandboxing functionality, but it can be bypassed by
> supplying precompiled bytecode.  There have been extensive discussions
> about this on the lua-users mailing list, e.g.:
> 
> <http://lua-users.org/lists/lua-l/2011-10/msg01215.html>

We did not immediately find information to decide on the number of CVE
IDs. Picking a few random frames from
http://www.youtube.com/watch?v=OSMOTDLrBCQ suggested that
approximately three CVE-2011-#### IDs could be assigned. If anyone has
better information, or even the same information in a text format,
that could be useful (if the CVE-2011-#### IDs are needed).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]