oss-sec mailing list archives

Lua 5.1.4

From: Kees Cook <kees () ubuntu com>
Date: Tue, 24 Mar 2009 14:37:13 -0700

Has anyone looked at the Lua fixes[1] in 5.1.4?  I'm not familiar with the
codebase, but it seems that several may have security implications:

 2: stack overflow  (this is the Lua stack? so... heap overflow?)
 3: integer overflow
 4: integer overflow
 6: stack overflow  (this is the Lua stack? so... heap overflow?)
 8: memory writing?
 9: memory reading
10: CPU DoS

I haven't had a chance to examine it closely yet.  Has anyone looked at
these changes?

-Kees

[1] http://www.lua.org/bugs.html

-- 
Kees Cook
Ubuntu Security Team

Current thread:

Lua 5.1.4 Kees Cook (Mar 24)
- Re: Lua 5.1.4 Steven M. Christey (Mar 24)
- Re: Lua 5.1.4 Florian Weimer (Mar 25)