{"id":"CVE-2020-15888","details":"Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.","aliases":["BIT-lua-2020-15888"],"modified":"2026-04-10T04:23:09.302055Z","published":"2020-07-21T22:15:12.090Z","related":["openSUSE-SU-2024:11029-1","openSUSE-SU-2025:15401-1"],"references":[{"type":"FIX","url":"https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7"},{"type":"FIX","url":"https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5"},{"type":"EVIDENCE","url":"http://lua-users.org/lists/lua-l/2020-07/msg00053.html"},{"type":"EVIDENCE","url":"http://lua-users.org/lists/lua-l/2020-07/msg00054.html"},{"type":"EVIDENCE","url":"http://lua-users.org/lists/lua-l/2020-07/msg00071.html"},{"type":"EVIDENCE","url":"http://lua-users.org/lists/lua-l/2020-07/msg00079.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lua/lua","events":[{"introduced":"0"},{"last_affected":"c33b1728aeb7dfeec4013562660e07d32697aa6b"},{"fixed":"6298903e35217ab69c279056f925fb72900ce0b7"},{"fixed":"eb41999461b6f428186c55abd95f4ce1a76217d5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.4.0-NA"}]}}],"versions":["v1.2","v2.1","v2.2","v2.3-beta","v2.4","v2.4-beta","v2.5","v2.5-beta","v2.5.1","v3.0","v3.0-alpha","v3.1","v3.1-alpha","v3.2","v3.2-beta","v4.0","v4.0-alpha","v4.0-beta","v4.1-alpha","v5.0","v5.0-alpha","v5.0-beta","v5.1","v5.1-alpha","v5.1-beta","v5.1.1","v5.2-alpha","v5.2-beta","v5.2.0","v5.2.1","v5.2.2","v5.3-alpha","v5.3-beta","v5.3.0","v5.3.1","v5.3.2","v5.3.3","v5.3.4","v5.4-alpha","v5.4-beta","v5.4-w2","v5.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15888.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}