MNBSD-2026-19: C stack overflow in lua_resume via a maliciously crafted script

Severity: Unknown

Affected Package: lua

Summary: C stack overflow in lua_resume via a maliciously crafted script

Description

lua_resume() did not check for C stack overflow before resuming a coroutine, allowing a stack overflow to be triggered by a maliciously crafted Lua script. Fixed by updating contrib/lua to 5.4.7, which adds the missing C stack check in ldo.c.

Affected Versions

lua

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2021-43519

Published: June 11, 2026
Last Modified: June 11, 2026