Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2021-43519

Uncontrolled Recursion

Published: Nov 09, 2021 | Modified: Nov 21, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.5 MODERATE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-43519
CWEhttps://cwe.mitre.org/data/definitions/674.html

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

Name Vendor Start Version End Version
Lua Lua 5.1.0 (including) 5.3.5 (excluding)
Lua Lua 5.4.0 (including) 5.4.4 (excluding)
Red Hat Enterprise Linux 9 RedHat lua-0:5.4.4-2.el9_1 *
Red Hat Enterprise Linux 9 RedHat lua-0:5.4.4-2.el9_1 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat lua-0:5.4.4-1.el9_0.1 *
Ardour Ubuntu bionic *
Ardour Ubuntu hirsute *
Ardour Ubuntu impish *
Ardour Ubuntu kinetic *
Ardour Ubuntu trusty *
Ardour Ubuntu xenial *
Bam Ubuntu bionic *
Bam Ubuntu hirsute *
Bam Ubuntu impish *
Bam Ubuntu kinetic *
Bam Ubuntu lunar *
Bam Ubuntu mantic *
Bam Ubuntu trusty *
Bam Ubuntu xenial *
Blobby Ubuntu bionic *
Blobby Ubuntu hirsute *
Blobby Ubuntu impish *
Blobby Ubuntu kinetic *
Blobby Ubuntu lunar *
Blobby Ubuntu mantic *
Blobby Ubuntu trusty *
Blobby Ubuntu xenial *
Ceph Ubuntu hirsute *
Ceph Ubuntu impish *
Ceph Ubuntu trusty *
Ceph Ubuntu xenial *
Darktable Ubuntu bionic *
Darktable Ubuntu hirsute *
Darktable Ubuntu impish *
Darktable Ubuntu kinetic *
Darktable Ubuntu lunar *
Darktable Ubuntu mantic *
Darktable Ubuntu trusty *
Darktable Ubuntu xenial *
Eja Ubuntu bionic *
Eja Ubuntu hirsute *
Eja Ubuntu impish *
Eja Ubuntu kinetic *
Eja Ubuntu lunar *
Eja Ubuntu mantic *
Eja Ubuntu trusty *
Eja Ubuntu xenial *
Emscripten Ubuntu bionic *
Emscripten Ubuntu hirsute *
Emscripten Ubuntu impish *
Emscripten Ubuntu kinetic *
Emscripten Ubuntu lunar *
Emscripten Ubuntu mantic *
Emscripten Ubuntu trusty *
Emscripten Ubuntu xenial *
Enigma Ubuntu bionic *
Enigma Ubuntu hirsute *
Enigma Ubuntu impish *
Enigma Ubuntu kinetic *
Enigma Ubuntu trusty *
Enigma Ubuntu xenial *
Freeciv Ubuntu bionic *
Freeciv Ubuntu hirsute *
Freeciv Ubuntu impish *
Freeciv Ubuntu kinetic *
Freeciv Ubuntu trusty *
Freeciv Ubuntu xenial *
Freedroidrpg Ubuntu bionic *
Freedroidrpg Ubuntu hirsute *
Freedroidrpg Ubuntu impish *
Freedroidrpg Ubuntu kinetic *
Freedroidrpg Ubuntu lunar *
Freedroidrpg Ubuntu mantic *
Freedroidrpg Ubuntu trusty *
Freedroidrpg Ubuntu xenial *
Fs-uae Ubuntu bionic *
Fs-uae Ubuntu hirsute *
Fs-uae Ubuntu impish *
Fs-uae Ubuntu kinetic *
Fs-uae Ubuntu lunar *
Fs-uae Ubuntu mantic *
Fs-uae Ubuntu trusty *
Fs-uae Ubuntu xenial *
Golly Ubuntu bionic *
Golly Ubuntu hirsute *
Golly Ubuntu impish *
Golly Ubuntu kinetic *
Golly Ubuntu lunar *
Golly Ubuntu mantic *
Golly Ubuntu trusty *
Golly Ubuntu xenial *
Goxel Ubuntu bionic *
Goxel Ubuntu hirsute *
Goxel Ubuntu impish *
Goxel Ubuntu kinetic *
Goxel Ubuntu lunar *
Goxel Ubuntu mantic *
Goxel Ubuntu trusty *
Goxel Ubuntu xenial *
Grub2 Ubuntu hirsute *
Grub2 Ubuntu impish *
Grub2 Ubuntu trusty *
Grub2 Ubuntu xenial *
Gtk2-engines Ubuntu bionic *
Gtk2-engines Ubuntu hirsute *
Gtk2-engines Ubuntu impish *
Gtk2-engines Ubuntu kinetic *
Gtk2-engines Ubuntu trusty *
Gtk2-engines Ubuntu xenial *
Haskell-hslua Ubuntu bionic *
Haskell-hslua Ubuntu hirsute *
Haskell-hslua Ubuntu impish *
Haskell-hslua Ubuntu kinetic *
Haskell-hslua Ubuntu trusty *
Haskell-hslua Ubuntu xenial *
Hedgewars Ubuntu bionic *
Hedgewars Ubuntu hirsute *
Hedgewars Ubuntu impish *
Hedgewars Ubuntu kinetic *
Hedgewars Ubuntu trusty *
Hedgewars Ubuntu xenial *
Lua5.1 Ubuntu hirsute *
Lua5.1 Ubuntu impish *
Lua5.1 Ubuntu trusty *
Lua5.1 Ubuntu xenial *
Lua5.2 Ubuntu bionic *
Lua5.2 Ubuntu hirsute *
Lua5.2 Ubuntu impish *
Lua5.2 Ubuntu kinetic *
Lua5.2 Ubuntu trusty *
Lua5.2 Ubuntu xenial *
Lua5.3 Ubuntu bionic *
Lua5.3 Ubuntu hirsute *
Lua5.3 Ubuntu impish *
Lua5.3 Ubuntu kinetic *
Lua5.3 Ubuntu trusty *
Lua5.3 Ubuntu xenial *
Lua5.4 Ubuntu hirsute *
Lua5.4 Ubuntu impish *
Lua5.4 Ubuntu trusty *
Lua5.4 Ubuntu upstream *
Lua50 Ubuntu bionic *
Lua50 Ubuntu hirsute *
Lua50 Ubuntu impish *
Lua50 Ubuntu trusty *
Lua50 Ubuntu xenial *
Luajit Ubuntu bionic *
Luajit Ubuntu hirsute *
Luajit Ubuntu impish *
Luajit Ubuntu kinetic *
Luajit Ubuntu trusty *
Luajit Ubuntu xenial *
Mame Ubuntu bionic *
Mame Ubuntu hirsute *
Mame Ubuntu impish *
Mame Ubuntu kinetic *
Mame Ubuntu trusty *
Mame Ubuntu xenial *
Naev Ubuntu hirsute *
Naev Ubuntu impish *
Naev Ubuntu kinetic *
Naev Ubuntu lunar *
Naev Ubuntu mantic *
Naev Ubuntu trusty *
Naev Ubuntu xenial *
Openscenegraph Ubuntu bionic *
Openscenegraph Ubuntu hirsute *
Openscenegraph Ubuntu impish *
Openscenegraph Ubuntu kinetic *
Openscenegraph Ubuntu trusty *
Openscenegraph Ubuntu xenial *
Redis Ubuntu trusty *
Redis Ubuntu xenial *
Rust-lua52-sys Ubuntu hirsute *
Rust-lua52-sys Ubuntu impish *
Rust-lua52-sys Ubuntu kinetic *
Rust-lua52-sys Ubuntu lunar *
Rust-lua52-sys Ubuntu mantic *
Rust-lua52-sys Ubuntu trusty *
Rust-lua52-sys Ubuntu xenial *
Scite Ubuntu bionic *
Scite Ubuntu hirsute *
Scite Ubuntu impish *
Scite Ubuntu kinetic *
Scite Ubuntu lunar *
Scite Ubuntu mantic *
Scite Ubuntu trusty *
Scite Ubuntu xenial *
Scorched3d Ubuntu bionic *
Scorched3d Ubuntu hirsute *
Scorched3d Ubuntu impish *
Scorched3d Ubuntu kinetic *
Scorched3d Ubuntu lunar *
Scorched3d Ubuntu mantic *
Scorched3d Ubuntu trusty *
Scorched3d Ubuntu xenial *
Scummvm Ubuntu bionic *
Scummvm Ubuntu hirsute *
Scummvm Ubuntu impish *
Scummvm Ubuntu kinetic *
Scummvm Ubuntu trusty *
Scummvm Ubuntu xenial *
Spring Ubuntu bionic *
Spring Ubuntu hirsute *
Spring Ubuntu impish *
Spring Ubuntu kinetic *
Spring Ubuntu trusty *
Spring Ubuntu xenial *
Syslinux Ubuntu bionic *
Syslinux Ubuntu hirsute *
Syslinux Ubuntu impish *
Syslinux Ubuntu kinetic *
Syslinux Ubuntu trusty *
Syslinux Ubuntu xenial *
Syslinux-legacy Ubuntu bionic *
Syslinux-legacy Ubuntu trusty *
Syslinux-legacy Ubuntu xenial *
Tagua Ubuntu bionic *
Tagua Ubuntu hirsute *
Tagua Ubuntu impish *
Tagua Ubuntu kinetic *
Tagua Ubuntu trusty *
Tagua Ubuntu xenial *
Tarantool Ubuntu hirsute *
Tarantool Ubuntu impish *
Tarantool Ubuntu kinetic *
Tarantool Ubuntu lunar *
Tarantool Ubuntu mantic *
Tarantool Ubuntu trusty *
Tarantool Ubuntu xenial *
Texlive-bin Ubuntu bionic *
Texlive-bin Ubuntu hirsute *
Texlive-bin Ubuntu impish *
Texlive-bin Ubuntu kinetic *
Texlive-bin Ubuntu trusty *
Texlive-bin Ubuntu xenial *
Tup Ubuntu hirsute *
Tup Ubuntu impish *
Tup Ubuntu kinetic *
Tup Ubuntu lunar *
Tup Ubuntu mantic *
Tup Ubuntu trusty *
Tup Ubuntu xenial *
Ufoai Ubuntu bionic *
Ufoai Ubuntu hirsute *
Ufoai Ubuntu impish *
Ufoai Ubuntu kinetic *
Ufoai Ubuntu trusty *
Ufoai Ubuntu xenial *
Vifm Ubuntu bionic *
Vifm Ubuntu hirsute *
Vifm Ubuntu impish *
Vifm Ubuntu kinetic *
Vifm Ubuntu lunar *
Vifm Ubuntu mantic *
Vifm Ubuntu trusty *
Vifm Ubuntu xenial *
Wcc Ubuntu bionic *
Wcc Ubuntu hirsute *
Wcc Ubuntu impish *
Wcc Ubuntu kinetic *
Wcc Ubuntu lunar *
Wcc Ubuntu mantic *
Wcc Ubuntu trusty *
Wcc Ubuntu xenial *
Wesnoth Ubuntu trusty *
Wesnoth Ubuntu xenial *
Widelands Ubuntu bionic *
Widelands Ubuntu hirsute *
Widelands Ubuntu impish *
Widelands Ubuntu kinetic *
Widelands Ubuntu lunar *
Widelands Ubuntu mantic *
Widelands Ubuntu trusty *
Widelands Ubuntu xenial *
Xmoto Ubuntu bionic *
Xmoto Ubuntu hirsute *
Xmoto Ubuntu impish *
Xmoto Ubuntu kinetic *
Xmoto Ubuntu trusty *
Xmoto Ubuntu xenial *
Zfs-linux Ubuntu bionic *
Zfs-linux Ubuntu hirsute *
Zfs-linux Ubuntu impish *
Zfs-linux Ubuntu kinetic *
Zfs-linux Ubuntu trusty *
Zfs-linux Ubuntu xenial *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use