CVE-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name	Vendor	Start Version	End Version
Lua	Lua	5.4.0 (including)	5.4.3 (including)
Red Hat Enterprise Linux 9	RedHat	lua-0:5.4.4-2.el9_1	*
Red Hat Enterprise Linux 9	RedHat	lua-0:5.4.4-2.el9_1	*
Red Hat Enterprise Linux 9.0 Extended Update Support	RedHat	lua-0:5.4.4-1.el9_0.1	*
Lua5.1	Ubuntu	impish	*
Lua5.1	Ubuntu	trusty	*
Lua5.1	Ubuntu	xenial	*
Lua5.2	Ubuntu	impish	*
Lua5.2	Ubuntu	trusty	*
Lua5.2	Ubuntu	trusty/esm	*
Lua5.2	Ubuntu	xenial	*
Lua5.3	Ubuntu	impish	*
Lua5.3	Ubuntu	trusty	*
Lua5.3	Ubuntu	xenial	*
Lua5.4	Ubuntu	impish	*
Lua5.4	Ubuntu	trusty	*
Lua50	Ubuntu	bionic	*
Lua50	Ubuntu	focal	*
Lua50	Ubuntu	impish	*
Lua50	Ubuntu	trusty	*
Lua50	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-44964
CWE	https://cwe.mitre.org/data/definitions/416.html

Use After Free

Weakness

Affected Software

Potential Mitigations

References