https://bugzilla.redhat.com/show_bug.cgi?id=2104427
Bug ID: 2104427
Summary: CVE-2022-33099 lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: trathi@redhat.com
CC: 4le@live.com, drjohnson1@gmail.com, lua-packagers-sig@lists.fedoraproject.org, mhroncok@redhat.com, michel@michel-slm.name, rob.myers@gtri.gatech.edu, spotrh@gmail.com
Target Milestone: ---
Classification: Other
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
References:
https://lua-users.org/lists/lua-l/2022-05/msg00035.html
https://lua-users.org/lists/lua-l/2022-05/msg00073.html
https://lua-users.org/lists/lua-l/2022-05/msg00042.html
https://www.lua.org/bugs.html#Lua-stack%20overflow%20when%20C%20stack%20over...
https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf
TEJ RATHI trathi@redhat.com changed:
What    | Removed | Added
--------|---------|--------
Blocks  |         | 2103258
juneau@redhat.com changed:
What        | Removed | Added
------------|---------|--------
Depends On  |         | 2104501
TEJ RATHI trathi@redhat.com changed:
What        | Removed | Added
------------|---------|--------------------------
Depends On  |         | 2104744, 2104743, 2104745
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2104743 [Bug 2104743] CVE-2022-33099 lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2104744 [Bug 2104744] CVE-2022-33099 compat-lua: lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2104745 [Bug 2104745] CVE-2022-33099 compat-lua: lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling [fedora-all]
--- Comment #2 from TEJ RATHI trathi@redhat.com ---
Created compat-lua tracking bugs for this issue:
Affects: epel-all [bug 2104744]
Affects: fedora-all [bug 2104745]
Created lua tracking bugs for this issue:
Affects: fedora-all [bug 2104743]
--- Doc Text *updated* by TEJ RATHI trathi@redhat.com ---
A vulnerability was found in Lua. During error handling, the component luaG_errormsg() uses slots from EXTRA_STACK, and some errors can recur, such as a string overflow while creating an error message in 'luaG_runerror', or a C-stack overflow before calling the message handler. This could cause a crash that leads to a denial of service.
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com ---
A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from EXTRA_STACK. Some errors can recur, such as a string overflow while creating an error message in 'luaG_runerror', or a C-stack overflow before calling the message handler, causing a crash that leads to a denial of service.
Bug 2104427 depends on bug 2104743, which changed state.
Bug 2104743 Summary: CVE-2022-33099 lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2104743
What        | Removed | Added
------------|---------|--------
Status      | ON_QA   | CLOSED
Resolution  | ---     | ERRATA
Bug 2104427 depends on bug 2104745, which changed state.
Bug 2104745 Summary: CVE-2022-33099 compat-lua: lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2104745
What        | Removed | Added
------------|---------|--------
Status      | NEW     | CLOSED
Resolution  | ---     | NOTABUG
Bug 2104427 depends on bug 2104744, which changed state.
Bug 2104744 Summary: CVE-2022-33099 compat-lua: lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2104744
What        | Removed | Added
------------|---------|--------
Status      | NEW     | CLOSED
Resolution  | ---     | NOTABUG
Carl George 🤠 carl@redhat.com changed:
What  | Removed | Added
------|---------|-----------------
CC    |         | carl@redhat.com
Panu Matilainen pmatilai@redhat.com changed:
What  | Removed | Added
------|---------|---------------------
CC    |         | pmatilai@redhat.com
TEJ RATHI trathi@redhat.com changed:
What        | Removed | Added
------------|---------|--------------------------
Depends On  |         | 2132327, 2132326, 2132325
Michal Domonkos mdomonko@redhat.com changed:
What  | Removed | Added
------|---------|---------------------
CC    |         | mdomonko@redhat.com
--- Comment #14 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:7329 https://access.redhat.com/errata/RHSA-2022:7329
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What     | Removed | Added
---------|---------|---------------------------------------
Link ID  |         | Red Hat Product Errata RHSA-2022:7329
--- Comment #16 from Product Security DevOps Team prodsec-dev@redhat.com ---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-33099
Product Security DevOps Team prodsec-dev@redhat.com changed:
What         | Removed | Added
-------------|---------|---------------------
Status       | NEW     | CLOSED
Resolution   | ---     | ERRATA
Last Closed  |         | 2022-12-09 00:13:32