Release of Invalid Pointer or Reference

CVE-2020-24371

Medium

5/10

Summary

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: NONE
Availability Impact: PARTIAL

CWE-763 - Release of Invalid Pointer or Reference

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

References

Advisory Timeline

Published Aug 17, 2020

Release of Invalid Pointer or Reference

CVE-2020-24371

Summary

CWE-763 - Release of Invalid Pointer or Reference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS