VulnerableCode Package Details - pkg:conan/lua@5.4.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-9hw6-zjwq-83gr Aliases: CVE-2021-43519	denial of service	5.4.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-genu-xfqb-ryfk Aliases: CVE-2022-28805	Out-of-bounds Read singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.	There are no reported fixed by versions.
VCID-k38z-6c33-vueb Aliases: CVE-2020-15945	Buffer Overflow Lua has a segmentation fault in `changedline` in `ldebug.c` (e.g., when called by `luaG_traceexec`) because it incorrectly expects that an `oldpc` value is always updated upon a return of the flow of control to a function.	5.4.6 Affected by 0 other vulnerabilities.
VCID-n4rj-yf2u-j7fe Aliases: CVE-2020-24342	Improper Restriction of Operations within the Bounds of a Memory Buffer Lua through allows a stack redzone cross in `luaO_pushvfstring` because a protection mechanism wrongly calls `luaD_callnoyield` twice in a row.	5.4.1 Affected by 0 other vulnerabilities.
VCID-n66m-4kp4-a7ef Aliases: CVE-2020-24369	NULL Pointer Dereference `ldebug.c` attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.	There are no reported fixed by versions.
VCID-pdpa-5dks-u7a9 Aliases: CVE-2021-44964	Use After Free Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.	5.4.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-qp4c-jwam-nub9 Aliases: CVE-2020-24371	Release of Invalid Pointer or Reference `lgc.c` mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving `collectgarbage`.	There are no reported fixed by versions.
VCID-s7du-gace-j3ev Aliases: CVE-2020-15888	arbitrary code execution	5.4.1 Affected by 0 other vulnerabilities. 5.4.6 Affected by 0 other vulnerabilities.
VCID-t3vr-j6vw-33db Aliases: CVE-2020-15889	arbitrary code execution	5.4.1 Affected by 0 other vulnerabilities.
VCID-ute6-ecyg-9ffz Aliases: CVE-2020-24370	Integer Underflow (Wrap or Wraparound) `ldebug.c` allows a negation overflow and segmentation fault in `getlocal` and `setlocal`.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-9hw6-zjwq-83gr
Aliases:
CVE-2021-43519

denial of service

5.4.4
Affected by 1 other vulnerability.

VCID-genu-xfqb-ryfk
Aliases:
CVE-2022-28805

Out-of-bounds Read singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

There are no reported fixed by versions.

VCID-k38z-6c33-vueb
Aliases:
CVE-2020-15945

Buffer Overflow Lua has a segmentation fault in `changedline` in `ldebug.c` (e.g., when called by `luaG_traceexec`) because it incorrectly expects that an `oldpc` value is always updated upon a return of the flow of control to a function.

5.4.6
Affected by 0 other vulnerabilities.

VCID-n4rj-yf2u-j7fe
Aliases:
CVE-2020-24342

Improper Restriction of Operations within the Bounds of a Memory Buffer Lua through allows a stack redzone cross in `luaO_pushvfstring` because a protection mechanism wrongly calls `luaD_callnoyield` twice in a row.

5.4.1
Affected by 0 other vulnerabilities.

VCID-n66m-4kp4-a7ef
Aliases:
CVE-2020-24369

NULL Pointer Dereference `ldebug.c` attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

There are no reported fixed by versions.

VCID-pdpa-5dks-u7a9
Aliases:
CVE-2021-44964

Use After Free Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

5.4.4
Affected by 1 other vulnerability.

VCID-qp4c-jwam-nub9
Aliases:
CVE-2020-24371

Release of Invalid Pointer or Reference `lgc.c` mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving `collectgarbage`.

There are no reported fixed by versions.

VCID-s7du-gace-j3ev
Aliases:
CVE-2020-15888

arbitrary code execution

5.4.1
Affected by 0 other vulnerabilities.

5.4.6
Affected by 0 other vulnerabilities.

VCID-t3vr-j6vw-33db
Aliases:
CVE-2020-15889

arbitrary code execution

5.4.1
Affected by 0 other vulnerabilities.

VCID-ute6-ecyg-9ffz
Aliases:
CVE-2020-24370

Integer Underflow (Wrap or Wraparound) `ldebug.c` allows a negation overflow and segmentation fault in `getlocal` and `setlocal`.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T16:20:10.573230+00:00	GitLab Importer	Affected by	VCID-qp4c-jwam-nub9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2020-24371.yml	38.6.0
2026-06-04T16:20:10.542329+00:00	GitLab Importer	Affected by	VCID-n66m-4kp4-a7ef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2020-24369.yml	38.6.0
2026-06-04T16:20:10.523108+00:00	GitLab Importer	Affected by	VCID-ute6-ecyg-9ffz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2020-24370.yml	38.6.0
2026-06-04T16:20:10.188031+00:00	GitLab Importer	Affected by	VCID-n4rj-yf2u-j7fe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2020-24342.yml	38.6.0
2026-06-04T16:20:08.251811+00:00	GitLab Importer	Affected by	VCID-k38z-6c33-vueb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2020-15945.yml	38.6.0
2026-06-04T16:20:08.020184+00:00	GitLab Importer	Affected by	VCID-s7du-gace-j3ev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2020-15888.yml	38.6.0
2026-06-04T16:20:07.956743+00:00	GitLab Importer	Affected by	VCID-t3vr-j6vw-33db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2020-15889.yml	38.6.0
2026-06-02T04:42:00.143964+00:00	GitLab Importer	Affected by	VCID-genu-xfqb-ryfk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2022-28805.yml	38.6.0
2026-06-02T04:41:47.929196+00:00	GitLab Importer	Affected by	VCID-pdpa-5dks-u7a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2021-44964.yml	38.6.0
2026-06-02T04:40:22.315597+00:00	GitLab Importer	Affected by	VCID-9hw6-zjwq-83gr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2021-43519.yml	38.6.0