ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24370
Reference (s):
- FEDORA:FEDORA-2020-c83556709c
- URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/
- FEDORA:FEDORA-2020-d7ed9f18ff
- URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/
- http://lua-users.org/lists/lua-l/2020-07/msg00324.html