An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6916-1 advisory.

    It was discovered that Lua did not properly generate code when _ENV is constant. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary unstrusted lua code.
    (CVE-2022-28805)

    It was discovered that Lua did not properly handle C stack overflows during error handling. An attacker     could possibly use this issue to cause a denial of service. (CVE-2022-33099)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the nmap package has been released.

An update of the lua package has been released.

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the lua-5.4.2-7.el9 build changelog.

  - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a     recursive error occurs. (CVE-2022-33099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-533 advisory.

  - In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
    (CVE-2021-45985)

  - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a     recursive error occurs. (CVE-2022-33099)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7329 advisory.

  - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a     recursive error occurs. (CVE-2022-33099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This Solaris system is missing necessary patches to address critical security updates :

  - Vulnerability in the Oracle Solaris product of Oracle     Systems (component: Device Driver Interface). The     supported version that is affected is 11. Easily     exploitable vulnerability allows low privileged attacker     with logon to the infrastructure where Oracle Solaris     executes to compromise Oracle Solaris. Successful     attacks of this vulnerability can result in takeover of     Oracle Solaris. Note: CVE-2023-22023 is equivalent to     CVE-2023-31284. CVSS 3.1 Base Score 7.8     (Confidentiality, Integrity and Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
    (CVE-2023-22023)

  - Vulnerability in the PeopleSoft Enterprise PeopleTools     product of Oracle PeopleSoft (component: Security     (OpenSSL)). Supported versions that are affected are     8.58, 8.59 and 8.60. Easily exploitable vulnerability     allows unauthenticated attacker with network access via     TLS to compromise PeopleSoft Enterprise PeopleTools.
    Successful attacks of this vulnerability can result in     unauthorized read access to a subset of PeopleSoft     Enterprise PeopleTools accessible data. CVSS 3.1 Base     Score 5.3 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
    (CVE-2022-2097)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Connection Handling).
    Supported versions that are affected are 5.7.39 and     prior and 8.0.30 and prior. Easily exploitable     vulnerability allows high privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 4.9 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2022-21617)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 5.7.39 and prior and 8.0.30 and     prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple     protocols to compromise MySQL Server. Successful attacks     of this vulnerability can result in unauthorized ability     to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2022-21608)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Security: Encryption).
    Supported versions that are affected are 5.7.39 and     prior and 8.0.29 and prior. Easily exploitable     vulnerability allows low privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized read access to a subset of     MySQL Server accessible data. CVSS 3.1 Base Score 4.3     (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
    (CVE-2022-21592)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 5.7.39 and     prior and 8.0.16 and prior. Easily exploitable     vulnerability allows low privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized read access to a subset of     MySQL Server accessible data. CVSS 3.1 Base Score 4.3     (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
    (CVE-2022-21589)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Packaging (cURL)). Supported     versions that are affected are 5.7.41 and prior and     8.0.32 and prior. Easily exploitable vulnerability     allows unauthenticated attacker with network access via     multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access     to all MySQL Server accessible data. CVSS 3.1 Base Score     7.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
    (CVE-2022-43551)

  - Vulnerability in the Oracle Communications Network     Analytics Data Director product of Oracle Communications     (component: Install/Upgrade (Kerberos)). The supported     version that is affected is 23.1.0. Easily exploitable     vulnerability allows low privileged attacker with     network access via HTTP to compromise Oracle     Communications Network Analytics Data Director.
    Successful attacks of this vulnerability can result in     takeover of Oracle Communications Network Analytics Data     Director. CVSS 3.1 Base Score 8.8 (Confidentiality,     Integrity and Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
    (CVE-2022-42898)

  - Vulnerability in the Oracle Outside In Technology     product of Oracle Fusion Middleware (component: Third     Party (SQLite)). The supported version that is affected     is 8.5.6. Easily exploitable vulnerability allows low     privileged attacker with logon to the infrastructure     where Oracle Outside In Technology executes to     compromise Oracle Outside In Technology. Successful     attacks of this vulnerability can result in unauthorized     creation, deletion or modification access to critical     data or all Oracle Outside In Technology accessible data     as well as unauthorized access to critical data or     complete access to all Oracle Outside In Technology     accessible data and unauthorized ability to cause a     partial denial of service (partial DOS) of Oracle     Outside In Technology. CVSS 3.1 Base Score 7.3     (Confidentiality, Integrity and Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).
    (CVE-2022-46908)

  - Vulnerability in the Oracle Communications Diameter     Signaling Router product of Oracle Communications     (component: Platform (Microcode Controller)). The     supported version that is affected is 8.6.0.0. Easily     exploitable vulnerability allows low privileged attacker     with logon to the infrastructure where Oracle     Communications Diameter Signaling Router executes to     compromise Oracle Communications Diameter Signaling     Router. Successful attacks of this vulnerability can     result in unauthorized access to critical data or     complete access to all Oracle Communications Diameter     Signaling Router accessible data. CVSS 3.1 Base Score     5.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
    (CVE-2022-21123)

  - Vulnerability in the PeopleSoft Enterprise PeopleTools     product of Oracle PeopleSoft (component: Porting     (Cryptography)). Supported versions that are affected     are 8.59 and 8.60. Easily exploitable vulnerability     allows unauthenticated attacker with network access via     HTTPS to compromise PeopleSoft Enterprise PeopleTools.
    Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of     PeopleSoft Enterprise PeopleTools accessible data and     unauthorized ability to cause a partial denial of     service (partial DOS) of PeopleSoft Enterprise     PeopleTools. CVSS 3.1 Base Score 6.5 (Integrity and     Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).
    (CVE-2023-23931)

  - Vulnerability in the PeopleSoft Enterprise PeopleTools     product of Oracle PeopleSoft (component: Porting (Python     setuptools)). Supported versions that are affected are     8.59 and 8.60. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via HTTP to     compromise PeopleSoft Enterprise PeopleTools. Successful     attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash     (complete DOS) of PeopleSoft Enterprise PeopleTools.
    CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS     Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2022-40897)

The version of nmap / lua / ntopng installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-33099 advisory.

  - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a     recursive error occurs. (CVE-2022-33099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-176 advisory.

  - Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial     of Service via a crafted script file. (CVE-2021-43519)

  - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which     can cause a local denial of service. (CVE-2021-44647)

  - singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain     luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles     untrusted Lua code. (CVE-2022-28805)

  - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a     recursive error occurs. (CVE-2022-33099)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7329 advisory.

    - Fix up CVE-2022-33099 patch

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7329 advisory.

  - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a     recursive error occurs. (CVE-2022-33099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7329 advisory.

    The lua packages provide support for Lua, a powerful light-weight programming language designed for     extending applications. Lua is also frequently used as a general-purpose, stand-alone language.

    Security Fix(es):

    * lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling     (CVE-2022-33099)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-146 advisory.

  - singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain     luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles     untrusted Lua code. (CVE-2022-28805)

  - An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a     recursive error occurs. (CVE-2022-33099)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
204916	Ubuntu 22.04 LTS : Lua vulnerabilities (USN-6916-1)	Nessus	Ubuntu Local Security Checks	critical
203884	Photon OS 3.0: Nmap PHSA-2023-3.0-0601	Nessus	PhotonOS Local Security Checks	critical
203667	Photon OS 4.0: Nmap PHSA-2023-4.0-0517	Nessus	PhotonOS Local Security Checks	high
203606	Photon OS 5.0: Nmap PHSA-2023-5.0-0036	Nessus	PhotonOS Local Security Checks	critical
203602	Photon OS 5.0: Lua PHSA-2023-5.0-0036	Nessus	PhotonOS Local Security Checks	high
203325	Photon OS 4.0: Lua PHSA-2022-4.0-0214	Nessus	PhotonOS Local Security Checks	high
191280	CentOS 9 : lua-5.4.2-7.el9	Nessus	CentOS Local Security Checks	high
190735	Amazon Linux 2023 : lua, lua-devel, lua-libs (ALAS2023-2024-533)	Nessus	Amazon Linux Local Security Checks	high
184831	Rocky Linux 9 : lua (RLSA-2022:7329)	Nessus	Rocky Linux Local Security Checks	high
178627	Oracle Solaris Critical Patch Update : jul2023_SRU11_4_57_144_3	Nessus	Solaris Local Security Checks	critical
172908	CBL Mariner 2.0 Security Update: nmap / lua / ntopng (CVE-2022-33099)	Nessus	MarinerOS Local Security Checks	high
166997	Amazon Linux 2022 : (ALAS2022-2022-176)	Nessus	Amazon Linux Local Security Checks	critical
166934	Oracle Linux 9 : lua (ELSA-2022-7329)	Nessus	Oracle Linux Local Security Checks	high
166892	AlmaLinux 9 : lua (ALSA-2022:7329)	Nessus	Alma Linux Local Security Checks	high
166883	RHEL 9 : lua (RHSA-2022:7329)	Nessus	Red Hat Local Security Checks	high
166119	Amazon Linux 2022 : (ALAS2022-2022-146)	Nessus	Amazon Linux Local Security Checks	critical

Detections

Analytics

CVE-2022-33099

high

Tenable Plugins

critical

critical

high

critical

high

high

high

high

high

critical

high

critical

high

high

high

critical