Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:conan/lua@5.4.3
purl pkg:conan/lua@5.4.3
Tags Ghost
Next non-vulnerable version 5.4.6
Latest non-vulnerable version 5.4.6
Risk 3.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-h37s-ads2-zugj
Aliases:
CVE-2021-45985
Out-of-bounds Write In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
5.4.4
Affected by 2 other vulnerabilities.
VCID-pdpa-5dks-u7a9
Aliases:
CVE-2021-44964
Use After Free Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
5.4.4
Affected by 2 other vulnerabilities.
VCID-sypb-grma-cfhq
Aliases:
CVE-2021-44647
Access of Resource Using Incompatible Type ('Type Confusion') Lua are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
5.4.4
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:44:28.539634+00:00 GitLab Importer Affected by VCID-h37s-ads2-zugj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2021-45985.yml 38.6.0
2026-06-02T04:41:47.933096+00:00 GitLab Importer Affected by VCID-pdpa-5dks-u7a9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2021-44964.yml 38.6.0
2026-06-02T04:40:56.048236+00:00 GitLab Importer Affected by VCID-sypb-grma-cfhq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/lua/CVE-2021-44647.yml 38.6.0