Integer Underflow (Wrap or Wraparound)

CVE-2020-24370

Medium

5.3/10

Summary

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-191 - Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

Advisory Timeline

Published Aug 17, 2020

Integer Underflow (Wrap or Wraparound)

CVE-2020-24370

Summary

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS