Date: Wed, 27 Aug 2014 01:20:39 -0400 (EDT)
From: cve-assign@...re.org
To: fweimer@...hat.com, mmcallis@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions]

> http://www.lua.org/bugs.html#5.2.2-1
> Stack overflow in vararg functions with many fixed parameters called with few arguments.

Use CVE-2014-5461.


> Lua has some sandboxing functionality, but it can be bypassed by
> supplying precompiled bytecode.  There have been extensive discussions
> about this on the lua-users mailing list, e.g.:
> 
> <http://lua-users.org/lists/lua-l/2011-10/msg01215.html>

We did not immediately find information to decide on the number of CVE
IDs. Picking a few random frames from
http://www.youtube.com/watch?v=OSMOTDLrBCQ suggested that
approximately three CVE-2011-#### IDs could be assigned. If anyone has
better information, or even the same information in a text format,
that could be useful (if the CVE-2011-#### IDs are needed).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
