CVE-2020-24370

MEDIUM

Lua 5.4.0 - Memory Corruption

Title source: llm

Description

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

Exploits (2)

nomisec WRITEUP
by RenukaSelvar · poc
https://github.com/RenukaSelvar/lua_CVE-2020-24370_AfterPatch
nomisec WORKING POC
by RenukaSelvar · poc
https://github.com/RenukaSelvar/lua_CVE-2020-24370

References (6)

Scores

CVSS v3 5.3
EPSS 0.0186
EPSS Percentile 82.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE
CWE-191
Status published

Affected Products (20)

lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
lua/lua
... and 5 more

Timeline

Published Aug 17, 2020
Tracked Since Feb 18, 2026