VulnerableCode Package Details - pkg:deb/debian/lua5.4@5.4.2-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/lua5.4@5.4.2-2

Essentials
History (6)

purl	pkg:deb/debian/lua5.4@5.4.2-2

Next non-vulnerable version	5.4.4-3+deb12u1
Latest non-vulnerable version	5.4.4-3+deb12u1
Risk	3.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-9hw6-zjwq-83gr Aliases: CVE-2021-43519	denial of service	5.4.4-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-g3t3-qp1h-jfe3 Aliases: CVE-2022-33099	An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.	5.4.4-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-genu-xfqb-ryfk Aliases: CVE-2022-28805	Out-of-bounds Read singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.	5.4.4-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-h37s-ads2-zugj Aliases: CVE-2021-45985	Out-of-bounds Write In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.	5.4.4-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-pdpa-5dks-u7a9 Aliases: CVE-2021-44964	Use After Free Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.	5.4.4-3+deb12u1 Affected by 0 other vulnerabilities.
VCID-sypb-grma-cfhq Aliases: CVE-2021-44647	Access of Resource Using Incompatible Type ('Type Confusion') Lua are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.	5.4.4-3+deb12u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T20:40:51.027076+00:00	Debian Importer	Affected by	VCID-pdpa-5dks-u7a9	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-05T20:18:37.949397+00:00	Debian Importer	Affected by	VCID-h37s-ads2-zugj	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-05T19:23:58.875991+00:00	Debian Importer	Affected by	VCID-sypb-grma-cfhq	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-05T19:18:18.269784+00:00	Debian Importer	Affected by	VCID-9hw6-zjwq-83gr	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:45:58.843407+00:00	Debian Importer	Affected by	VCID-genu-xfqb-ryfk	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:44:05.002116+00:00	Debian Importer	Affected by	VCID-g3t3-qp1h-jfe3	https://security-tracker.debian.org/tracker/data/json	38.6.0