CVE-2023-4540

HIGH

Daurnimator lua-http <ddab283 - DoS

Title source: llm

Description

Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283.

References (4)

[Various Sources] https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/

[Patch] https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6

View Patch ZIP pw:eip

[Patch, Third Party Advisory] https://cert.pl/posts/2023/09/CVE-2023-4540/

[Various Sources] https://cert.pl/en/posts/2023/09/CVE-2023-4540/

Scores

CVSS v3 7.5

EPSS 0.0007

EPSS Percentile 22.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-755

Status published

Products (1)

daurnimator/lua-http 0.4

Published Sep 05, 2023

Tracked Since Feb 18, 2026