An update of the lua package has been released.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which     can cause a local denial of service. (CVE-2021-44647)

Note that Nessus relies on the presence of the package as reported by the vendor.

An update of the nmap package has been released.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-176 advisory.

    A stack overflow issue was discovered in Lua in the lua_resume() function of ldo.c. This flaw allows a     local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a     denial of service. (CVE-2021-43519)

    A flaw was found in Lua. An SEGV crash in the funcnamefromcode() function in ldebug.c during error     handling occurs in __close metamethods. This flaw allows an attacker to cause a denial of service.
    (CVE-2021-44647)

    A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in     the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in     malicious activity. (CVE-2022-28805)

    A vulnerability was found in Lua. During error handling, the luaG_errormsg() component uses slots from     EXTRA_STACK. Some errors can recur such as a string overflow while creating an error message in     luaG_runerror, or a C-stack overflow before calling the message handler, causing a crash that leads to a     denial of service. (CVE-2022-33099)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-031 advisory.

    A stack overflow issue was discovered in Lua in the lua_resume() function of ldo.c. This flaw allows a     local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a     denial of service. (CVE-2021-43519)

    A flaw was found in Lua. An SEGV crash in the funcnamefromcode() function in ldebug.c during error     handling occurs in __close metamethods. This flaw allows an attacker to cause a denial of service.
    (CVE-2021-44647)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of lua / memcached / ntopng installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44647 advisory.

  - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which     can cause a local denial of service. (CVE-2021-44647)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of lua / memcached / ntopng installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44647 advisory.

  - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which     can cause a local denial of service. (CVE-2021-44647)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202305-23 (Lua: Multiple Vulnerabilities)

  - Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-     dependent attackers to cause a denial of service (crash) via a small number of arguments to a function     with a large number of fixed arguments. (CVE-2014-5461)

  - Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which     can cause a local denial of service. (CVE-2021-44647)

  - singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain     luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles     untrusted Lua code. (CVE-2022-28805)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
203800	Photon OS 3.0: Lua PHSA-2023-3.0-0620	Nessus	PhotonOS Local Security Checks	7/24/2024	7/24/2024	medium
224243	Linux Distros Unpatched Vulnerability : CVE-2021-44647	Nessus	Misc.	3/5/2025	3/5/2025	medium
203606	Photon OS 5.0: Nmap PHSA-2023-5.0-0036	Nessus	PhotonOS Local Security Checks	7/23/2024	7/23/2024	critical
166997	Amazon Linux 2022 : lua, lua-devel, lua-libs (ALAS2022-2022-176)	Nessus	Amazon Linux Local Security Checks	11/4/2022	12/11/2024	critical
203884	Photon OS 3.0: Nmap PHSA-2023-3.0-0601	Nessus	PhotonOS Local Security Checks	7/24/2024	7/24/2024	critical
212458	Amazon Linux 2022 : lua, lua-devel, lua-libs (ALAS2022-2022-031)	Nessus	Amazon Linux Local Security Checks	12/11/2024	12/12/2024	medium
203667	Photon OS 4.0: Nmap PHSA-2023-4.0-0517	Nessus	PhotonOS Local Security Checks	7/23/2024	7/23/2024	high
216573	Azure Linux 3.0 Security Update: lua / memcached / ntopng (CVE-2021-44647)	Nessus	Azure Linux Local Security Checks	2/21/2025	4/13/2025	medium
203238	Photon OS 4.0: Lua PHSA-2022-4.0-0168	Nessus	PhotonOS Local Security Checks	7/23/2024	7/23/2024	medium
172919	CBL Mariner 2.0 Security Update: lua / memcached / ntopng (CVE-2021-44647)	Nessus	MarinerOS Local Security Checks	3/20/2023	4/13/2025	medium
175055	GLSA-202305-23 : Lua: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	5/3/2023	5/4/2023	critical

Detections

Analytics

Plugins Search

medium

medium

critical

critical

critical

medium

high

medium

medium

medium

critical